Skip to content

Commit

Permalink
Block manifest-based media and WebVTT
Browse files Browse the repository at this point in the history 
These MIME types cannot be fetched without CORS.

Closes #20 and closes #23.

Follow-up: whatwg/html#6468.
  • Loading branch information
@annevk
annevk committed Oct 5, 2021
1 parent 282c8ff commit 9c4bd7f
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,14 @@ An **opaque-blocklisted MIME type** is an [HTML MIME type](https://mimesniff.spe

An **opaque-blocklisted-never-sniffed MIME type** is a MIME type whose essence is one of

* "`application/dash+xml`"
* "`application/gzip`"
* "`application/msexcel`"
* "`application/mspowerpoint`"
* "`application/msword`"
* "`application/msword-template`"
* "`application/pdf`"
* "`application/vnd.apple.mpegurl`"
* "`application/vnd.ces-quickpoint`"
* "`application/vnd.ces-quicksheet`"
* "`application/vnd.ces-quickword`"
Expand All @@ -47,10 +49,12 @@ An **opaque-blocklisted-never-sniffed MIME type** is a MIME type whose essence i
* "`application/x-protobuf`"
* "`application/x-protobuffer`"
* "`application/zip`"
* "`audio/mpegurl`"
* "`multipart/byteranges`"
* "`multipart/signed`"
* "`text/event-stream`"
* "`text/csv`"
* "`text/vtt`"

A user agent has an **opaque-safelisted requesters set**. (This should be scoped similar to other network caches.)

Expand Down

0 comments on commit 9c4bd7f

Please sign in to comment.