From d2c4b9b89f20e34d2a0a66264e5668b0a7684c51 Mon Sep 17 00:00:00 2001 From: Lukasz Anforowicz Date: Thu, 13 Jun 2019 14:18:57 +0000 Subject: [PATCH] Bug 1554304 [wpt PR 17006] - CORB should block event-stream, gzip and x-www-form-urlencoded., a=testonly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Automatic update from web-platform-tests CORB should block event-stream, gzip and x-www-form-urlencoded. This CL adds CORB coverage for: 1) text/event-stream, application/x-www-form-urlencoded, based on the code review discussion in a previous CL here: https://chromium-review.googlesource.com/c/chromium/src/+/1604244/4/services/network/cross_origin_read_blocking.cc#227 2) application/gzip, which wasn't mentioned explicitly in the CR discussion above, but which is ranked #212 in the spreadsheet mentioned in https://github.com/whatwg/fetch/issues/860#issuecomment-457330454 and therefore probably should have been included in r659671 together with x-gzip (ranked #54) and zip (ranked #71). Bug: 802836 Change-Id: I8c10f900110a2cb471437a19425bfd5e38aed2fe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1628809 Reviewed-by: Charlie Reis Commit-Queue: Ɓukasz Anforowicz Cr-Commit-Position: refs/heads/master@{#663824} -- wp5At-commits: 4308b47e147274f6702a0c1add77488fbc75a309 wpt-pr: 17006 --- .../script-resource-with-nonsniffable-types.tentative.sub.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testing/web-platform/tests/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html b/testing/web-platform/tests/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html index 62fd9ca389da9..e599bf26f9445 100644 --- a/testing/web-platform/tests/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html +++ b/testing/web-platform/tests/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html @@ -53,9 +53,12 @@ // Some mime types should be protected by CORB without any kind // of confirmation sniffing. protected_mime_types = [ + "application/gzip", "application/x-gzip", "application/x-protobuf", + "application/x-www-form-urlencoded", "application/zip", + "text/event-stream", // TODO(lukasza): https://crbug.com/944162: Add application/pdf and // text/csv to the list of content types tested here (after // kMimeHandlerViewInCrossProcessFrame gets enabled by default).