W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: X-Content-Type-Options: nosniff

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 3 Apr 2015 07:39:38 +0200
Message-ID: <CADnb78gHoZdhsGqhqzk=bUpJu9y-x1-eJaBrAQWLZ72NBUZ9Sw@mail.gmail.com>
To: Joel Weinberger <jww@chromium.org>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Apr 2, 2015 at 9:09 PM, Joel Weinberger <jww@chromium.org> wrote:
> Anne, could you retry some of that on Chrome Canary? I actually made a few
> changes a few days ago that should treat sniff failures as network errors
> (see https://codereview.chromium.org/1032033002/). If we're still firing the
> load event, that's definitely a bug at this point. In short, yes, I believe
> we would support treating them as network failures.

Did these land in Chrome dev by any chance? Thanks to Mike West my
tests are reviewed and committed, and for <script> Chrome passes all
tests now:

  https://w3c-test.org/fetch/nosniff/script.html

Yesterday Chrome dev was still failing several of those for me.


> I also noticed the console logging problem you mentioned and just filed a
> bug over it: https://crbug.com/473310.

Cool.


For those who want to track standardization, I opened this ticket:

  https://github.com/whatwg/fetch/issues/35


(And to the other reply, thanks Jim!)


-- 
https://annevankesteren.nl/
Received on Friday, 3 April 2015 05:40:02 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC