Re: [whatwg/fetch] CORB: blocking of nosniff and 206 responses (#686) from Anne van Kesteren on 2018-05-07 (public-webapps-github@w3.org from May 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 07 May 2018 07:09:43 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/686/c386977937@github.com>

Tentative commit message:
```
CORB: protecting certain nosniff and 206 responses

CORB is an additional filter for responses of cross-origin "no-cors" 
fetches. It aims to provide defense-in-depth protection for JSON, 
HTML, XML (though not image/svg+xml), and (sometimes) text/plain 
resources against cross-process CPU exploits. It also makes it harder 
to use incorrectly labeled resources as scripts, images, fonts, etc.

Discussion and further work is tracked by #681.

Tests are in web-platform-tests's fetch/corb directory.
```
Ideally @jakearchibald would do a final review. If he can't do due to I/O maybe @yutakahirano can help.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/686#issuecomment-386977937

Received on Monday, 7 May 2018 07:10:10 UTC