- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 13 Oct 2015 05:40:38 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 13 October 2015 12:41:38 UTC
> @@ -2087,6 +2094,11 @@ <h4 id="should-response-to-request-be-blocked-due-to-nosniff?"><dfn title="shoul > "<code title>manual</code>" and <var title>response</var>'s > <span title=concept-response-type>type</span> is "<code title>opaqueredirect</code>". > </ul> > + > + <li> > + <p>Execute <a href=https://w3c.github.io/webappsec-csp/set-response-policy-list>Set > + <var title>response</var>'s policy list</a> on <var title>response</var>. > + <span data-anolis-ref>CSP</span> You can't get to the header list of an opaque response (it will always be empty). I guess as long as opaque responses always come from the network this might work (since the internal response will have its policy list set at that point), but it's not clear to me they always will. But maybe if they don't come from the network CSP doesn't matter... On top of that, should we avoid setting a policy list here if the response already has one? --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/140/files#r41860011
Received on Tuesday, 13 October 2015 12:41:38 UTC