Re: [whatwg/fetch] Be strict on request's Content-Type (#829) from Anne van Kesteren on 2018-11-09 (public-webapps-github@w3.org from November 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 09 Nov 2018 00:14:49 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/829/review/173307539@github.com>

annevk commented on this pull request.



> -            * ignoring parameters has been the standard for a long time now
-            * interesting test: "Content-Type: text/plain;" -->
+   <dd>
+    <ol>
+     <li><p>If <var>value</var> contains a <a>CORS-unsafe request-header byte</a>, then return
+     false.
+
+     <li><p>Let <var>mimeType</var> be the result of <a lt="parse a MIME type">parsing</a>
+     <var>value</var>.
+
+     <li><p>If <var>mimeType</var> is falure, then return false.
+
+     <li><p>If <var>mimeType</var>'s <a for="MIME type">essence</a> is not
+     "<code>application/x-www-form-urlencoded</code>", "<code>multipart/form-data</code>", or
+     "<code>text/plain</code>", then return false.
+    </ol>

I'll do this as part of #529.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/829#discussion_r232169475

Received on Friday, 9 November 2018 08:15:11 UTC