Spec: https://w3c.github.io/webappsec-csp/#directive-plugin-types

Expected: If a plugin has a different MIME type than the declared one, we should block it if `plugin-types` is present.
Actual: The check is only done at request time at which point we don't know yet what the resource's actualy MIME type is.

Tests (that we currently skip):
external/wpt/content-security-policy/plugin-types/plugintypes-mismatched-data.html [ Skip ]
external/wpt/content-security-policy/plugin-types/plugintypes-mismatched-url.html [ Skip ]

Currently we only do the check here https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_plugin_element.cc?sq=package:chromium&g=0&l=663 which is called before doing the request.
 

Spec: https://w3c.github.io/webappsec-csp/#directive-plugin-types

Expected: If a plugin has a different MIME type than the declared one, we should block it if `plugin-types` is present.
Actual: The check is only done at request time at which point we don't know yet what the resource's actual MIME type is.

Tests (that we currently skip):
external/wpt/content-security-policy/plugin-types/plugintypes-mismatched-data.html [ Skip ]
external/wpt/content-security-policy/plugin-types/plugintypes-mismatched-url.html [ Skip ]

Currently we only do the check here https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_plugin_element.cc?sq=package:chromium&g=0&l=663 which is called before doing the request.