| commit | 84348c2dc81a524fe94aaea3e3d9f967135338ef | [log] [tgz] |
|---|---|---|
| author | Baokun Lee <nototon@gmail.com> | Sun Apr 15 20:11:10 2018 +0800 |
| committer | Brad Fitzpatrick <bradfitz@golang.org> | Wed Apr 18 02:54:17 2018 +0000 |
| tree | 94abb405d1cb2dbfa2192537974bf7cbd16b4609 | |
| parent | 8d16fa6dc9a85c1cd3ed24ad08ff21cf94f10888 [diff] |
http2: don't sniff Content-type in Server when X-Content-Type-Options:nosniff The header X-Content-Type-Options:nosniff is an explicit directive that content-type should not be sniffed. ---- https://fetch.spec.whatwg.org/#x-content-type-options-header defines the X-Content-Type-Options header. ["Polyglots: Crossing Origins by Crossing Formats"](http://citeseerx.ist.psu.edu /viewdoc/download?doi=10.1.1.905.2946&rep=rep1&type=pdf) explains Polyglot attacks in more detail. Fixes golang/go#24795 Change-Id: Ibcc2d6a561394392ad0bf112eecc01c43823a2a2 Reviewed-on: https://go-review.googlesource.com/107295 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
This repository holds supplementary Go networking libraries.
The easiest way to install is to run go get -u golang.org/x/net. You can also manually git clone the repository to $GOPATH/src/golang.org/x/net.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.