Bug 174250

Summary: [GTK][WPE] Enable X-Content-Type-Options: nosniff
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: WebKitGTKAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, cgarcia, clopez, dbates, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 174289    
Attachments:
Description Flags
Patch clopez: review+

Description Yusuke Suzuki 2017-07-07 04:19:33 PDT 
Let's enable X-Content-Type-Options: nosniff. It is now enabled in Apple ports.
https://webkit.org/blog/7614/release-notes-for-safari-technology-preview-30/
Comment 1 Yusuke Suzuki 2017-07-07 05:02:52 PDT 
Created attachment 314831 [details]
Patch
Comment 2 Carlos Alberto Lopez Perez 2017-07-07 05:22:12 PDT 
Comment on attachment 314831 [details]
Patch

I don't see any reason to not enable this by default, so let's do it. Thanks!
Comment 3 Yusuke Suzuki 2017-07-07 05:45:23 PDT 
Committed r219255: <http://trac.webkit.org/changeset/219255>
Comment 4 Michael Catanzaro 2017-07-07 08:55:53 PDT 
Since this is now enabled on all ports, we should be able to remove the build flag, right? Any reason to keep it?
Comment 5 Daniel Bates 2017-07-07 19:13:21 PDT 
(In reply to Michael Catanzaro from comment #4)
> Since this is now enabled on all ports, we should be able to remove the
> build flag, right? Any reason to keep it?

I agree that we should remove the build flag.
Comment 6 Yusuke Suzuki 2017-07-07 22:41:30 PDT 
(In reply to Daniel Bates from comment #5)
> (In reply to Michael Catanzaro from comment #4)
> > Since this is now enabled on all ports, we should be able to remove the
> > build flag, right? Any reason to keep it?
> 
> I agree that we should remove the build flag.

Good call! I've just opened and uploaded the patch :)
https://bugs.webkit.org/show_bug.cgi?id=174289