Skip to content

Commit

Permalink
Check serving constraints of WebBundle responses
Browse files Browse the repository at this point in the history 
This adds check for the serving constraints of WebBundle responses [1].
After this patch, subresource web bundles served without the following
response headers will be rejected.

- Content-Type: application/webbundle
- X-Content-Type-Options: nosniff

[1] https://wicg.github.io/webpackage/draft-yasskin-wpack-bundled-exchanges.html#name-serving-constraints

Bug: 1176493
Change-Id: I03adef6bad769dfd69fdad76c933f701679c118e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2691792
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Hayato Ito <hayato@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#854600}
  • Loading branch information
@irori @chromium-wpt-export-bot
irori authored and chromium-wpt-export-bot committed Feb 17, 2021
1 parent 7754275 commit 05d7d56
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions web-bundle/resources/wbn/cors/__dir__.headers
View file
@@ -1,2 +1,3 @@
Content-Type: application/webbundle
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
2 changes: 2 additions & 0 deletions web-bundle/resources/wbn/no-cors/__dir__.headers
View file
@@ -0,0 +1,2 @@
Content-Type: application/webbundle
X-Content-Type-Options: nosniff

0 comments on commit 05d7d56

Please sign in to comment.