W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

Re: [CSP] Difference in browser behaviour for 304 responses

From: André N. Klingsheim <andre.klingsheim@owasp.org>
Date: Sun, 11 Oct 2015 14:25:37 +0200
To: public-webappsec@w3.org
Message-ID: <561A5541.7000805@owasp.org>
On 11.10.2015 09:42, Anne van Kesteren wrote:
> I would recommend filing a bug against Chromium. We want the
> update-headers behavior for CORS too. Would make sense to keep that
> consistent.

I found a bug for the same behaviour with X-Frame-Options, I'll try to 
revive that with a comment, hopefully they'll have a look at how they 
handle all the security headers.

https://code.google.com/p/chromium/issues/detail?id=354080

-- 
André N. Klingsheim
Received on Sunday, 11 October 2015 12:26:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC