jmarantz commented on issue #1953: Add x content type options nosniff to ipro URL: https://github.com/apache/incubator-pagespeed-mod/pull/1953#issuecomment-583379664 I think it might not be that easy for you to know how to add a test even if you *were* more experienced in C++ :) It's a complex infrastructure. So first of all, thanks for digging in and improving things. I don't think changing SetDefaultHeaders makes sense in this case; I think from context (and distant memory), that function should be renamed SetOriginDefaultHeaders. So what the test is trying to do is to set up a mock fetcher where we pre-set what the origin response headers and body should be. I think you can add a check to https://github.com/apache/incubator-pagespeed-mod/blob/b3349ab11b9a6345f589fba244fcfbc11af69a5a/net/instaweb/rewriter/in_place_rewrite_context_test.cc#L367 which, for JS and CSS files, verifies that the nosniff header is present. Now that is in a helper method which gets called also for jpeg/html files as well, but I think it might be good enough to do only do that check if the URL ends with ".css" or ".js". ``` if (strings::EndsWIth(url, ".js") || strings::EndsWith(url, ".css")) { ... ``` let me know if you need more help. Actually I have another question too: why not put nosniff in for other content types? Of course PageSpeed may change the content-type, but it will be correct coming out of PageSpeed's IPRO flow, and the browser should not second-guess, IMO.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
