- From: Anne van Kesteren <notifications@github.com>
- Date: Wed, 17 Oct 2018 07:18:37 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 17 October 2018 14:18:58 UTC
annevk commented on this pull request. > + + <li> + <p>Let <var>tokens</var> be the result of + <a lt="split on commas">Spliting <var>stringValue</var> on commas</a>. + + <p class="note">This intentionally strips U+000C FORM FEED, despite 0x0C not being being a + <a>HTTP whitespace byte</a>. + + <li><p>If <var>tokens</var>[0] is an <a>ASCII case-insensitive</a> match for + "<code>nosniff</code>", then return true. + + <li><p>Return false. +</ol> + +<p>Web developers and conformance checkers must use the following <a for=header>value</a> +<a>ABNF</a> for `<a http-header><code>X-Content-Type-Options</code></a>`: <pre> X-Content-Type-Options = "nosniff" ; case-insensitive</pre> I think it's to align with other ABNF pieces in Fetch, but not sure. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/818#discussion_r225949206
Received on Wednesday, 17 October 2018 14:18:58 UTC