Re: [whatwg/fetch] CORB: nosniff handling (#686) from Anne van Kesteren on 2018-03-28 (public-webapps-github@w3.org from March 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Wed, 28 Mar 2018 00:32:59 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/686/c376790056@github.com>

Thanks! I have a couple questions.

1. Are you planning on changing the implementation to use a network error for the cases enumerated in the PR?
2. It's intentional that this only happens if the server defined a `X-Content-Type-Options: nosniff` header for the resource? Doing it more generally breaks too much?
3. You include "track", but per the HTML Standard browsers are already required to be strict for its fetches, irrespective of nosniff. That's not the case in implementations?
4. What https://cs.chromium.org/chromium/src/services/network/cross_origin_read_blocking.cc?q=%22json%2B%22&sq=package:chromium&dr=C&l=83 considers JSON is a superset of what this PR considers JSON. Is that intentional?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/686#issuecomment-376790056

Received on Wednesday, 28 March 2018 07:33:33 UTC