[Docs Bug] X-Content-Type-Options for 304 responses #5417

Open
PaperStrike opened this issue Feb 2, 2023 · 0 comments
PaperStrike commented Feb 2, 2023

📚 Request documentation enhancements

Description

For 304 responses, webhint should check the initial 200 cache for X-Content-Type-Options. Currently, Webhint DevTools gives false positives on page reloads.

Details

Link: Use X-Content-Type-Options Header | webhint documentation

As per RFC 9110 section 15.4.5, a 304 response should only include metadata that guides cache updates; headers including X-Content-Type-Options should not be included until we update its value.

If I've read the relevant source code correctly, part of httpwg/http-core#165 is still relevant that Chrome and WebKit ignore x-content- headers in 304 responses. nosniff should be set on the initial 200. Adding the X-Content-Type-Options header to 304 responses feels like a complete waste.
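
The check requested in the issue above, sketched as an added example (not part of the original issue and not webhint's own code): a 304 is judged by the headers of the stored 200 for the same URL instead of its own headers. The function name `checkNosniff`, the response shape with lowercase header keys, and the `example.test` URLs are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not webhint's implementation.
// Constructed sample traffic: first loads (200) followed by reloads (304).
const sampleResponses = [
  { url: 'https://example.test/app.js', status: 200,
    headers: { 'x-content-type-options': 'nosniff' } },
  { url: 'https://example.test/app.js', status: 304,
    headers: { etag: '"v1"' } },
  { url: 'https://example.test/style.css', status: 200,
    headers: { 'content-type': 'text/css' } },
  { url: 'https://example.test/style.css', status: 304, headers: {} },
  // Revalidation of an entry cached before observation started.
  { url: 'https://example.test/logo.png', status: 304, headers: {} }
];

// Returns one verdict per response: 'pass', 'fail' or 'unknown'.
// Assumes header names are already lowercased by the caller.
function checkNosniff(responses) {
  const stored = new Map(); // url -> headers of the last 200 seen
  const results = [];

  for (const { url, status, headers } of responses) {
    let effective = headers;

    if (status === 200) {
      stored.set(url, headers);
    } else if (status === 304) {
      // Judge the revalidated resource by the stored 200, since the 304
      // itself is not expected to repeat X-Content-Type-Options.
      effective = stored.get(url);
      if (!effective) {
        // No 200 was observed, so the header cannot be evaluated.
        results.push({ url, status, verdict: 'unknown' });
        continue;
      }
    }

    const value = (effective['x-content-type-options'] || '')
      .trim()
      .toLowerCase();
    results.push({ url, status, verdict: value === 'nosniff' ? 'pass' : 'fail' });
  }
  return results;
}
```

With the constructed traffic, the 304 for `app.js` passes because its 200 carried `nosniff`, the 304 for `style.css` still fails because its 200 did not, and the 304 with no observed 200 is reported as `unknown` instead of as a failure.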
