nosniff.sub.window.js (1357B)
1 // META: script=/fetch/orb/resources/utils.js 2 // META: script=resources/utils.js 3 4 const path = "http://{{domains[www1]}}:{{ports[http][0]}}/fetch/orb/resources"; 5 6 // This is an exception that allow more MIME types than the ORB spec does. 7 // This is due to web compatibility, but might be removed in the future. 8 // See Bug 1828375 9 promise_test( 10 t => testFetchNoCors( 11 `${path}/text.txt`, 12 null, 13 contentType("text/plain"), 14 contentTypeOptions("nosniff") 15 ), 16 "ORB shouldn't block opaque text/plain with nosniff" 17 ); 18 19 // Due to web compatibility we filter opaque Response object from the 20 // fetch() function in the Fetch specification. See Bug 1823877. This 21 // might be removed in the future. 22 promise_internal_response_is_filtered( 23 testFetchNoCors( 24 `${path}/data.json`, 25 null, 26 contentType("application/json"), 27 contentTypeOptions("nosniff") 28 ), 29 "ORB should filter opaque-response-blocklisted MIME type with nosniff" 30 ); 31 32 // Due to web compatibility we filter opaque Response object from the 33 // fetch() function in the Fetch specification. See Bug 1823877. This 34 // might be removed in the future. 35 promise_internal_response_is_filtered( 36 testFetchNoCors( 37 `${path}/data.json`, 38 null, 39 contentType(""), 40 contentTypeOptions("nosniff") 41 ), 42 "ORB should filter opaque response with empty Content-Type and nosniff" 43 );