On Thu, Sep 5, 2019 at 6:21 AM Sebastian Streich <sstre...@mozilla.com>
wrote:

> Link to standard:
> https://fetch.spec.whatwg.org/#x-content-type-options-header


That bit of the standard doesn't describe this behavior--it still only
talks about scripts and style. Is there an issue or PR to update the spec
to describe this blocking?

> Is this feature enabled by default in sandboxed iframes? N/A

Will we still try to sniff if you frame the victim resource instead of
navigating to it at the top level? Checking the code, this does apply to
TYPE_SUBDOCUMENT and I don't see any "if sandboxed" checks, so I think
your answer here should be "Yes: it applies to sandboxed frames by default".
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
