- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 18 Oct 2018 02:48:58 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 18 October 2018 09:49:20 UTC
annevk commented on this pull request. > @@ -2498,7 +2508,32 @@ response <a for=/>header</a> can be used to require checking of a <a for=/>respo `<code>Content-Type</code>` <a for=/>header</a> against the <a for=request>destination</a> of a <a for=/>request</a>. -<p>Its <a for=header>value</a> <a>ABNF</a>: +<p>To <dfn>determine nosniff</dfn>, given a <a for=/>header list</a> <var>list</var>, run these +steps: + +<ol> + <li><p>Let <var>value</var> be the result of <a for="header list">getting</a> + `<a http-header><code>X-Content-Type-Options</code></a>` from <var>list</var>. + + <li><p>If <var>value</var> is null, then return false. + + <li><p>Let <var>stringValue</var> be the <a>isomorphic encode</a> of <var>value</var>. It should be isomorphic decode. I think for some header values we want to always decode using UTF-8? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/818#discussion_r226240093
Received on Thursday, 18 October 2018 09:49:20 UTC