DescriptionStop sending the 'CSP' header.
The 'CSP' header is causing CORS preflights when requesting cross-origin
resources, which is going to break a certain number of CDN-hosted
resources on sites that are using CSP. That's no good at all.
Dropping the header for the moment while we work out a reasonable
solution. Ideally, we'd just be reverting the whole implementation
(https://codereview.chromium.org/1009583003/), but since we're almost
certainly going to need to merge this back, this patch leaves most of
the machinery in place, but just neuters the "shouldSendCSPHeader"
check.
See https://github.com/whatwg/fetch/issues/52 for discussion.
BUG=452819
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=195418
Patch Set 1 #
Total comments: 1
Patch Set 2 : Nit. #
Messages
Total messages: 11 (5 generated)
|