Index: chrome/browser/renderer_host/buffered_resource_handler.cc |
=================================================================== |
--- chrome/browser/renderer_host/buffered_resource_handler.cc (revision 8447) |
+++ chrome/browser/renderer_host/buffered_resource_handler.cc (working copy) |
@@ -116,7 +116,8 @@ |
request_->GetResponseHeaderByName("x-content-type-options", |
&content_type_options); |
- const bool sniffing_blocked = (content_type_options == "nosniff"); |
+ const bool sniffing_blocked = |
+ LowerCaseEqualsASCII(content_type_options, "nosniff"); |
darin (slow to review)
2009/01/23 15:59:05
good fix
|
const bool we_would_like_to_sniff = |
net::ShouldSniffMimeType(request_->url(), mime_type); |
@@ -131,6 +132,14 @@ |
return true; |
} |
+ if (sniffing_blocked && mime_type.empty()) { |
+ // Ugg. The server told us not to sniff the content but didn't give us a |
+ // mime type. What's a browser to do? Turns out, we're supposed to treat |
+ // the response as "text/plain". This is the most secure option. |
+ mime_type.assign("text/plain"); |
+ response_->response_head.mime_type.assign(mime_type); |
+ } |
+ |
if (ShouldBuffer(request_->url(), mime_type)) { |
// This is a temporary fix for the fact that webkit expects to have |
// enough data to decode the doctype in order to select the rendering |