Chromium side issue for https://github.com/WICG/webpackage/pull/348
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8

commit 7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8
Author: Kouhei Ueno <kouhei@chromium.org>
Date: Wed Dec 19 09:59:35 2018

SignedExchange: Require nosniff in outer response headers

To encourage servers to include the nosniff header, this CL makes Chromium reject SXG served without the "X-Content-Type-Options: nosniff" header.

Bug: https://github.com/WICG/webpackage/pull/348, 916362
Change-Id: I5343a8d13a42a3c9144f05d871777d35a20a77b7
Reviewed-on: https://chromium-review.googlesource.com/c/1373430
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#617780}

[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/loader/prefetch_browsertest.cc
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/web_package/signed_exchange_error.h
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/web_package/signed_exchange_handler.h
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/web_package/signed_exchange_loader.cc
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/generate-test-sxgs.sh
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test.sxg.mock-http-headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test_download.sxg.mock-http-headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test_invalid_cbor_header.sxg.mock-http-headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test_invalid_content_type.sxg.mock-http-headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test_invalid_magic_string.sxg.mock-http-headers
[add] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test_missing_nosniff.sxg
[add] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/content/test/data/sxg/test.example.org_test_missing_nosniff.sxg.mock-http-headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/fallback-to-another-sxg.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/nested-sxg.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/sxg-head-request.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/sxg-inner-url-bom.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/sxg-invalid-validity-url.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/sxg-location.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/external/wpt/signed-exchange/resources/sxg-utf8-inner-url.sxg.headers
[modify] https://crrev.com/7ebbeeebe7bb5b944f6c9a01f90f4a2e6630efc8/third_party/blink/web_tests/http/tests/loading/sxg/resources/.htaccess
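
A check a server operator could run over captured outer response headers to find SXG responses that would be rejected under the requirement described in the commit message above. This is an added example, not part of the Chromium change or of this thread. The function names, the sample header blocks and the strict matching rule (value exactly "nosniff", ignoring case) are assumptions; the page does not describe how Chromium parses the header value.

```python
# Added example: audit outer HTTP response headers of signed-exchange (SXG) responses.
SXG_MEDIA_TYPE = "application/signed-exchange"

def parse_header_block(raw):
    """Parse a raw header block (optional status line first) into (name, value) pairs."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line.strip() or line.upper().startswith("HTTP/") or ":" not in line:
            continue  # skip blank lines, the status line and malformed lines
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_sxg_outer_headers(raw):
    """Return a list of findings; an empty list means this check found nothing."""
    headers = parse_header_block(raw)
    content_types = [v for n, v in headers if n == "content-type"]
    media_type = content_types[-1].split(";")[0].strip().lower() if content_types else ""
    if media_type != SXG_MEDIA_TYPE:
        return []  # not served as a signed exchange, so the requirement does not apply
    xcto = [v for n, v in headers if n == "x-content-type-options"]
    if not xcto:
        return ["missing X-Content-Type-Options header"]
    # Assumption: strict rule, every occurrence must be exactly "nosniff".
    bad = [v for v in xcto if v.lower() != "nosniff"]
    if bad:
        return ["X-Content-Type-Options is %r, expected 'nosniff'" % bad[0]]
    return []

# Constructed sample header blocks (not taken from the Chromium test data).
SAMPLES = {
    "good": "HTTP/1.1 200 OK\r\nContent-Type: application/signed-exchange;v=b3\r\n"
            "X-Content-Type-Options: nosniff\r\n",
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: application/signed-exchange;v=b3\r\n",
    "wrong_value": "HTTP/1.1 200 OK\r\ncontent-type: application/signed-exchange;v=b3\r\n"
                   "x-content-type-options: sniff\r\n",
    "not_sxg": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        findings = audit_sxg_outer_headers(raw)
        print(name, "OK" if not findings else "; ".join(findings))
```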
Comment 1 by kouhei@chromium.org, Dec 19