Re: X-Content-Type-Options: nosniff

On Thu, Apr 2, 2015 at 9:41 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> I've been trying to figure out what this header does in Internet
> Explorer 11 and Chrome dev and how we could maybe standardize it.

<img> - Again only Internet Explorer supports this case. The network
layer check is a filter on supported image formats. E.g. both
image/png and image/gif MIME types can proceed and will produce a load
event. However, if both are for a GIF resource that will only decode
with the image/gif MIME type.

That distinction would mean it's no longer just something we could
check in Fetch. It means the image decoder (which typically handles a
bunch of formats) needs to play an active role too. It's not entirely
clear to me why it is desirable to be able to enforce a distinction
between different image formats.


-- 
https://annevankesteren.nl/

Received on Thursday, 2 April 2015 10:22:47 UTC