CORB should block event-stream, gzip and x-www-form-urlencoded.

anforowicz · chromium-wpt-export-bot · commit 57f06d069eb6 · 2019-05-24T12:52:57.000-07:00
This CL adds CORB coverage for: 1) text/event-stream, application/x-www-form-urlencoded, based on the code review discussion in a previous CL here: https://chromium-review.googlesource.com/c/chromium/src/+/1604244/4/services/network/cross_origin_read_blocking.cc#227 2) application/gzip, which wasn't mentioned explicitly in the CR discussion above, but which is ranked #212 in the spreadsheet mentioned in whatwg/fetch#860 (comment) and therefore probably should have been included in r659671 together with x-gzip (ranked #54) and zip (ranked #71). Bug: 802836 Change-Id: I8c10f900110a2cb471437a19425bfd5e38aed2fe
diff --git a/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html b/fetch/corb/script-resource-with-nonsniffable-types.tentative.sub.html
@@ -53,9 +53,12 @@
 // Some mime types should be protected by CORB without any kind
 // of confirmation sniffing.
 protected_mime_types = [
+  "application/gzip",
   "application/x-gzip",
   "application/x-protobuf",
+  "application/x-www-form-urlencoded",
   "application/zip",
+  "text/event-stream",
   // TODO(lukasza): https://crbug.com/944162: Add application/pdf and
   // text/csv to the list of content types tested here (after
   // kMimeHandlerViewInCrossProcessFrame gets enabled by default).
