-
Kunihiko Sakamoto authored
This patch implements the following restrictions on Signed Exchange inner responses, added in https://github.com/WICG/webpackage/pull/354: - Inner response must have a Content-Type header (step 7. of [1]). - Clients must not sniff a media type from the payload bytes. In the loading spec, parser injects "X-Content-Type-Options: nosniff" header while parsing response headers (step 8. of [1]) to achieve this. [1] https://wicg.github.io/webpackage/loading.html#parse-b2-cbor-headers Bug: 1051390 Change-Id: Ia7274f32e43dac28affd718a2965d575b955353c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2059751Reviewed-by:
Tsuyoshi Horo <horo@chromium.org> Reviewed-by:
Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#742451}
9b3616d3
