Skip to content

Commit

Permalink
CORB should block event-stream, gzip and x-www-form-urlencoded.
Browse files Browse the repository at this point in the history
This CL adds CORB coverage for:

1) text/event-stream, application/x-www-form-urlencoded, based on the
code review discussion in a previous CL here:
https://chromium-review.googlesource.com/c/chromium/src/+/1604244/4/services/network/cross_origin_read_blocking.cc#227

2) application/gzip, which wasn't mentioned explicitly in the CR
discussion above, but which is ranked #212 in the spreadsheet
mentioned in whatwg/fetch#860 (comment)
and therefore probably should have been included in r659671 together
with x-gzip (ranked #54) and zip (ranked #71).

Bug: 802836
Change-Id: I8c10f900110a2cb471437a19425bfd5e38aed2fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1628809
Reviewed-by: Charlie Reis <[email protected]>
Commit-Queue: Łukasz Anforowicz <[email protected]>
Cr-Commit-Position: refs/heads/master@{#663824}
  • Loading branch information
anforowicz authored and chromium-wpt-export-bot committed May 28, 2019
1 parent 060d986 commit 4308b47
Showing 1 changed file with 3 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -53,9 +53,12 @@
// Some mime types should be protected by CORB without any kind
// of confirmation sniffing.
protected_mime_types = [
"application/gzip",
"application/x-gzip",
"application/x-protobuf",
"application/x-www-form-urlencoded",
"application/zip",
"text/event-stream",
// TODO(lukasza): https://crbug.com/944162: Add application/pdf and
// text/csv to the list of content types tested here (after
// kMimeHandlerViewInCrossProcessFrame gets enabled by default).
Expand Down

0 comments on commit 4308b47

Please sign in to comment.