Issue 788332 link

Starred by 1 user

Issue metadata

Status:	Started
Owner:	█ mkwst@chromium.org Buried. Ping if important.
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac
Pri:	3
Type:	Bug

We should only parse the first `X-Content-Type-Options` header.

Project Member Reported by mkwst@chromium.org, Nov 24 2017

Issue description

See the failing test in http://w3c-test.org/fetch/nosniff/parsing-nosniff.html, and step 2 of https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?.

Project Member

Comment 1 by bugdroid1@chromium.org, Nov 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/382b9185de0314ae390bfaefd7015faeeb4f826f

commit 382b9185de0314ae390bfaefd7015faeeb4f826f
Author: Mike West <mkwst@chromium.org>
Date: Mon Nov 27 15:17:05 2017

Parse only the first 'X-Content-Type-Options' header.

See the failing test in http://w3c-test.org/fetch/nosniff/parsing-nosniff.html,
and step 2 of https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?.

Bug: 788332
Change-Id: I70a12b92ffd53429931538b715bd4d01948f72e0
Reviewed-on: https://chromium-review.googlesource.com/788852
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519300}
[delete] https://crrev.com/afd7f3d760affbe7b7e6f78af4588bbf91ad3aa4/third_party/WebKit/LayoutTests/external/wpt/fetch/nosniff/parsing-nosniff-expected.txt
[modify] https://crrev.com/382b9185de0314ae390bfaefd7015faeeb4f826f/third_party/WebKit/Source/platform/network/HTTPParsers.cpp
[modify] https://crrev.com/382b9185de0314ae390bfaefd7015faeeb4f826f/third_party/WebKit/Source/platform/network/HTTPParsersTest.cpp

►

Issue 788332 link

Issue metadata

We should only parse the first `X-Content-Type-Options` header.

Issue description

Comment 1 by bugdroid1@chromium.org, Nov 27 2017

Comment 1 Deleted

Sign in to add a comment