CORB should block event-stream, gzip and x-www-form-urlencoded.

This CL adds CORB coverage for: 1) text/event-stream, application/x-www-form-urlencoded, based on the code review discussion in a previous CL here: https://chromium-review.googlesource.com/c/chromium/src/+/1604244/4/services/network/cross_origin_read_blocking.cc#227 2) application/gzip, which wasn't mentioned explicitly in the CR discussion above, but which is ranked #212 in the spreadsheet mentioned in whatwg/fetch#860 (comment) and therefore probably should have been included in r659671 together with x-gzip (ranked #54) and zip (ranked #71). Bug: 802836 Change-Id: I8c10f900110a2cb471437a19425bfd5e38aed2fe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1628809 Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#663824}
web-platform-tests · May 28, 2019 · 8b65062 · 8b65062
1 parent a6a3a63
commit 8b65062
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html b/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html
@@ -53,9 +53,12 @@
 // Some mime types should be protected by CORB without any kind
 // of confirmation sniffing.
 protected_mime_types = [
+  "application/gzip",
   "application/x-gzip",
   "application/x-protobuf",
+  "application/x-www-form-urlencoded",
   "application/zip",
+  "text/event-stream",
   // TODO(lukasza): https://crbug.com/944162: Add application/pdf and
   // text/csv to the list of content types tested here (after
   // kMimeHandlerViewInCrossProcessFrame gets enabled by default).