New issue
Advanced search Search tips

Issue 794530 link

Starred by 1 user
Status: WontFix
Owner:
vogelheim@chromium.org
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug
Launch-Accessibility: NA
Launch-Legal: NA
Launch-Privacy: NA
Launch-Security: NA
Launch-Test: NA
Launch-UI: NA



Sign in to add a comment

Remove content type sniffing for worker scripts

Project Member Reported by vogelheim@google.com, Dec 13 2017 
Technical feature description:

Disable 'content type sniffing' for worker scripts only. That is, only allow execution from resources with a supported JavaScript content type. This edges us a little closer to the goal of never second-guessing the content type of a resource.


Eng owner: vogelheim@chromium.org, mkwst@chromium.org


Design doc:

  +--------------------------------------------------------------------
  |
  | In AllowedByNosniff:::MimeTypeAsScript (AllowedByNosniff.cpp),
  | hoist worker_global_scope to the top and use it in the first
  | if-condition, or something vaguely like that.
  |
  +--------------------------------------------------------------------


Metrics: 

This condition is presently covered by UseCounters, which indicate this would impact less than 0.01% of page loads.

Comment 1 by vogelheim@chromium.org, Dec 13 2017

Owner: vogelheim@chromium.org

Comment 2 by vogelheim@chromium.org, Dec 13 2017

Labels: -Type-Launch Type-Bug
Status: WontFix (was: Assigned)
Abandoned in favour of 794548.

Sign in to add a comment