RESOLVED DUPLICATE of bug 236411 192749
Consider strictly enforcing MIME checks for Workers.
https://bugs.webkit.org/show_bug.cgi?id=192749
Mike West
Reported 2018-12-17 00:58:41 PST
After discussion in https://github.com/whatwg/html/issues/3255 and https://github.com/whatwg/html/pull/4001, Chrome is shipping strict MIME type checks on `importScripts()` in Chrome 71 (https://chromium-review.googlesource.com/c/chromium/src/+/1206270). Intent to Remove thread with discussion and data at https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ. It would be lovely if y'all followed suit!
Radar WebKit Bug Importer
Comment 1 2018-12-20 17:48:44 PST
Mike West
Comment 2 2019-11-18 01:44:06 PST
Chrome and Firefox shipped restrictions on `importScripts()` a little while back. We're now both aiming to tighten it to `new {Shared,Service,}Worker()` as well. Perhaps y'all could weigh in, one way or another, on https://github.com/whatwg/html/issues/3255?
Brent Fulgham
Comment 3 2019-11-18 09:04:55 PST
On the surface this seems like a good change. We will definitely dig into this asap!
Domenic Denicola
Comment 4 2020-08-12 14:57:34 PDT
We've now merged the second stage of this into the HTML spec: adding MIME type checks for HTTP(S) worker scripts. See https://github.com/whatwg/html/pull/5302 and the corresponding tests pull request in https://github.com/web-platform-tests/wpt/pull/24983. Firefox is shipping shortly. data: and blob: URL workers are still not checked.
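An added example, not part of the bug thread and not code from WebKit, Chromium or the HTML spec: a site owner's pre-flight check that flags worker scripts whose `Content-Type` would fail the strict check described above, with data: and blob: URLs reported as not checked. The function names and sample responses are constructed for illustration, and the essence parsing is simplified (text before the first `;`).

```javascript
// JavaScript MIME type essences listed in the WHATWG MIME Sniffing standard.
const JS_MIME_ESSENCES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript", "text/javascript1.0",
  "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
  "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Simplified essence extraction: drop parameters, trim, lowercase.
// A missing header yields "", which is never a JavaScript MIME type.
function mimeEssence(contentType) {
  if (typeof contentType !== "string") return "";
  return contentType.split(";")[0].trim().toLowerCase();
}

// Hypothetical helper: classify one worker/importScripts() response.
function workerScriptVerdict(url, contentType) {
  const scheme = new URL(url).protocol;
  // Per comment 4, data: and blob: URL workers are still not checked.
  if (scheme === "data:" || scheme === "blob:") return "not-checked";
  if (scheme !== "http:" && scheme !== "https:") return "out-of-scope";
  return JS_MIME_ESSENCES.has(mimeEssence(contentType)) ? "allowed" : "blocked";
}

// Return only the responses a strict browser would refuse to run.
function auditWorkerScripts(responses) {
  return responses
    .map((r) => ({ ...r, verdict: workerScriptVerdict(r.url, r.contentType) }))
    .filter((r) => r.verdict === "blocked");
}

// Constructed sample data (not taken from any real site).
const SAMPLE_RESPONSES = [
  { url: "https://app.example/sw.js", contentType: "text/javascript; charset=utf-8" },
  { url: "https://app.example/worker.js", contentType: "text/plain" },
  { url: "https://cdn.example/lib.js", contentType: "Application/JavaScript" },
  { url: "https://app.example/data.json", contentType: "application/json" },
  { url: "https://app.example/legacy.js", contentType: null },
  { url: "blob:https://app.example/constructed-id", contentType: "text/plain" },
];

for (const r of auditWorkerScripts(SAMPLE_RESPONSES)) {
  console.log(`would be blocked: ${r.url} (Content-Type: ${r.contentType})`);
}
```
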
Sam Sneddon [:gsnedders]
Comment 5 2022-07-05 14:00:07 PDT
*** This bug has been marked as a duplicate of bug 236411 ***