- From: Ilya Grigorik <notifications@github.com>
- Date: Fri, 26 Jun 2015 15:31:18 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Friday, 26 June 2015 22:31:51 UTC
> The reason I think it's important is because it has implications for security. You claim there's nothing to worry about but that analysis does not include service workers. Fair enough. My understanding is that the plan is to handle this case within CSP with a check at the beginning of the fetch, and a check before the response is consumed. That said, I'll defer to @mikewest on this one. > Substring seems like a very strange processing model. We should not treat MIME types that way. - http://www.w3.org/TR/html5/links.html#attr-hyperlink-type - http://www.w3.org/TR/html5/infrastructure.html#valid-mime-type - https://tools.ietf.org/html/rfc7231#section-3.1.1 I guess we can rewrite the above in terms of "type" and "subtype". E.g. if the "type token" of the provided mime-type is "image" --> "image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5", and so on. Would that be a better approach? --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/64#issuecomment-115908892
Received on Friday, 26 June 2015 22:31:51 UTC