Bug 1523706 - Consider strictly enforcing MIME checks for Worker scripts. r=ckerschb
authorTom Schuster <evilpies@gmail.com>
Tue, 16 Jul 2019 20:40:03 +0000
changeset 11745 f88bd8d78495aee1cab768b8bff2df69385e6122
parent 11744 953b39112289defa297262ae940b6113ccd85622
child 11746 853e92b91d753d309d2339d960dc69c95b65308d
push id156
push userflodolo@mozilla.com
push dateMon, 29 Jul 2019 09:39:25 +0000
reviewersckerschb
bugs1523706
Bug 1523706 - Consider strictly enforcing MIME checks for Worker scripts. r=ckerschb No test changes yet. Differential Revision: https://phabricator.services.mozilla.com/D32806 X-Channel-Repo: mozilla-central X-Channel-Converted-Revision: 8fcae0a0d73131793ca7491cb273355cadbdc45d X-Channel-Repo: releases/mozilla-beta X-Channel-Revision: e5d98eda2ec359a0968c567076b1a625cb6c99ce X-Channel-Repo: releases/mozilla-release X-Channel-Revision: 2fb19d0466d2f61674c0af80813645cccd510593 X-Channel-Repo: releases/mozilla-esr68 X-Channel-Revision: a8da73ce90a4110e14caaba3e93d8a086b3a0669
dom/chrome/security/security.properties
--- a/dom/chrome/security/security.properties
+++ b/dom/chrome/security/security.properties
@@ -85,16 +85,17 @@ DeprecatedTLSVersion=This site uses a de
 MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff).
 # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
 XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
 
 BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
 # LOCALIZATION NOTE: Do not translate "importScripts()"
 BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
+BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 
 # LOCALIZATION NOTE: Do not translate "data: URI".
 BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”)
 BlockSubresourceRedirectToData=Redirecting to insecure data: URI not allowed (Blocked loading of: “%1$S”)
 
 BlockSubresourceFTP=Loading FTP subresource within http(s) page not allowed (Blocked loading of: “%1$S”)