Lofesa commented on issue #1953: Add x content type options nosniff to ipro URL: https://github.com/apache/incubator-pagespeed-mod/pull/1953#issuecomment-583401542 Well.... I appreciate the work people have done in this module, I use it for free and get advantanges using it so I try to help to maintain the module so is a take and give "contract". In a first instance I have set the x-content-type-options nosniff unconditionaly to all resources optimized by IPRO cause I try to solve my own problem with a js file loaded by a js script that have stripped the header by IPRO but then in a response to a issue in the mod-pagespeed-discuss list make me think about this in images optimized by IPRO where the content-type mismacht with the file extension, in this case, if the nosniff stuff is set, the image won´t load. Why not other types? As far as I know, IPRO only works whit html,css,js and images. Images can have a content-type mismacht so this discard images for set the header, html can be or not a file (think in the pretty url from wordpress) so is hard to determine if if the resource is html or not, css and js files are the good options to set the nosniff, optimized by IPRO or not, their type don´t change. And at last, the [spec for the x-conten-type-options nosniff](https://fetch.spec.whatwg.org/#x-content-type-options-header) is intended for css and js files.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
