Bug 1514231 [wpt PR 14522] - SignedExchange: Require nosniff in outer response headers, a=testonly
authorKouhei Ueno <kouhei@chromium.org>
Thu, 31 Jan 2019 12:13:28 +0000
changeset 456743 8e0c10dc58255a9a29577813535a805fcf1999c0
parent 456742 f1ee03a06e0334bd8a171298562e351c26cc12e5
child 456744 010251b8f9dd6c8a3b952feeb8c19d09e094cab8
push id111705
push userjames@hoppipolla.co.uk
push dateTue, 05 Feb 2019 18:07:20 +0000
treeherdermozilla-inbound@9592b19c9b09 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1514231, 14522, 916362, 1373430, 617780
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1514231 [wpt PR 14522] - SignedExchange: Require nosniff in outer response headers, a=testonly Automatic update from web-platform-tests SignedExchange: Require nosniff in outer response headers To encourage servers to include the nosniff header, this CL makes Chromium reject SXG served without the "X-Content-Type-Options: nosniff" header. Bug: https://github.com/WICG/webpackage/pull/348, 916362 Change-Id: I5343a8d13a42a3c9144f05d871777d35a20a77b7 Reviewed-on: https://chromium-review.googlesource.com/c/1373430 Commit-Queue: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#617780} -- wpt-commits: 675ade14e7e8db49c13da4d4a8684568cedb10d7 wpt-pr: 14522
testing/web-platform/tests/signed-exchange/resources/fallback-to-another-sxg.sxg.headers
testing/web-platform/tests/signed-exchange/resources/nested-sxg.sxg.headers
testing/web-platform/tests/signed-exchange/resources/sxg-head-request.sxg.headers
testing/web-platform/tests/signed-exchange/resources/sxg-inner-url-bom.sxg.headers
testing/web-platform/tests/signed-exchange/resources/sxg-invalid-validity-url.sxg.headers
testing/web-platform/tests/signed-exchange/resources/sxg-location.sxg.headers
testing/web-platform/tests/signed-exchange/resources/sxg-utf8-inner-url.sxg.headers
--- a/testing/web-platform/tests/signed-exchange/resources/fallback-to-another-sxg.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/fallback-to-another-sxg.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
--- a/testing/web-platform/tests/signed-exchange/resources/nested-sxg.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/nested-sxg.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
--- a/testing/web-platform/tests/signed-exchange/resources/sxg-head-request.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-head-request.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
--- a/testing/web-platform/tests/signed-exchange/resources/sxg-inner-url-bom.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-inner-url-bom.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
--- a/testing/web-platform/tests/signed-exchange/resources/sxg-invalid-validity-url.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-invalid-validity-url.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
--- a/testing/web-platform/tests/signed-exchange/resources/sxg-location.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-location.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
--- a/testing/web-platform/tests/signed-exchange/resources/sxg-utf8-inner-url.sxg.headers
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-utf8-inner-url.sxg.headers
@@ -1,1 +1,2 @@
 Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff