On 9/5/19 9:20 AM, Sebastian Streich wrote:
In Firefox 70 I intend to enable nosniff support for page navigations by default.
We're still doing stream converters for navigations even if that header is sent. Is that intended? I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1579176 to track that.
If a server's response does not include any mime-type but sets the response header "XCTO: nosniff" then Firefox will prompt the user to download the file
Is that definitely known to be true? Based on code inspection it looks like this case will set the type to UNKNOWN_CONTENT_TYPE, then keep trying to do stream conversion things with it 20 times in a row (or whatever the "general.document_open_conversion_depth_limit" pref is set to), and then kick it over to the helper app handler. After that what happens depends on whether the user might have a helper app defined for that type and so forth. If we actually mean to force a download, we should probably be doing so explicitly.
-Boris _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
