- From: Anne van Kesteren <notifications@github.com>
- Date: Mon, 21 Jan 2019 14:01:01 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 21 January 2019 14:01:27 UTC
Adding more types sounds good. Doing it based on the `Content-Type` header seems good, but as the result of sniffing seems acceptable too. Especially "binary" formats often have reliable signatures we could use to quickly block things. We should definitely define how all of that works. I hope to have time later this year to revamp the MIME Sniffing specification a little so it's a bit more apparent what kind of architecture we need/have (though if someone else wants to take that on that'd be great too). I'd basically try to add as many types as possible. We can add whatever cannot normally be loaded or parsed via `no-cors` (media, script, style). I do think it would be nice if we could switch the error handling as per #727. Currently CORB sticks out a bit and I don't think it's needed, even though the change would be somewhat observable. At that point it wouldn't really be different from blocking `text/csv` for script loads as we do today. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/860#issuecomment-456083716
Received on Monday, 21 January 2019 14:01:27 UTC