authorabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-23 17:30:50 +0000
committerabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-23 17:30:50 +0000
commit423bd5b84aee7a02b62e4e4d8a83d7df6c0943d9 (patch)
treee42b775a51f993ddde6123aadde4ee46212f8774
parent69b548287004f62d0b2f492d2c7765c50a3b6331 (diff)
When the server says "nosniff" but then doesn't give us a Content-Type we now treat the response as "text/plain". Before, we treated the response as a download. This behavior is (a) safer and (b) matches what we expect in IE8.
R=darin Review URL: http://codereview.chromium.org/18549 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8559 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/renderer_host/buffered_resource_handler.cc11
1 files changed, 10 insertions, 1 deletions
diff --git a/chrome/browser/renderer_host/buffered_resource_handler.cc b/chrome/browser/renderer_host/buffered_resource_handler.cc
index 14f6934..ea7d69d 100644
--- a/chrome/browser/renderer_host/buffered_resource_handler.cc
+++ b/chrome/browser/renderer_host/buffered_resource_handler.cc
@@ -116,7 +116,8 @@ bool BufferedResourceHandler::DelayResponse() {
request_->GetResponseHeaderByName("x-content-type-options",
&content_type_options);
- const bool sniffing_blocked = (content_type_options == "nosniff");
+ const bool sniffing_blocked =
+ LowerCaseEqualsASCII(content_type_options, "nosniff");
const bool we_would_like_to_sniff =
net::ShouldSniffMimeType(request_->url(), mime_type);
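Review bot: The new comparison on the `sniffing_blocked` line still requires the whole header value to be exactly `nosniff`, so a value with surrounding whitespace or a comma-joined list (for example from a repeated header) would leave sniffing enabled, which is the fail-open direction. Whether `GetResponseHeaderByName` trims or joins values is not visible in this hunk, so that should be confirmed; if it does neither, trim the value and compare only the first comma-separated token before calling `LowerCaseEqualsASCII`. A short comment such as `// Header value is matched case-insensitively; anything other than "nosniff" leaves sniffing on.` would record the intent. `DelayResponse` starts and ends outside the hunk.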
@@ -131,6 +132,14 @@ bool BufferedResourceHandler::DelayResponse() {
return true;
}
+ if (sniffing_blocked && mime_type.empty()) {
+ // Ugg. The server told us not to sniff the content but didn't give us a
+ // mime type. What's a browser to do? Turns out, we're supposed to treat
+ // the response as "text/plain". This is the most secure option.
+ mime_type.assign("text/plain");
+ response_->response_head.mime_type.assign(mime_type);
+ }
+
if (ShouldBuffer(request_->url(), mime_type)) {
// This is a temporary fix for the fact that webkit expects to have
// enough data to decode the doctype in order to select the rendering
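Review bot: The added comment calls "text/plain" the most secure option without saying why, and the diffstat shows no test accompanying this security-relevant branch. I would reword it along the lines of `// nosniff with no Content-Type: treat as text/plain so the body is shown as text rather than sniffed into an active type or saved as a download.` and state that the assignment must stay ahead of the `ShouldBuffer` call so `mime_type` and `response_head.mime_type` agree from there on. A regression test for a response carrying `X-Content-Type-Options: nosniff` and an empty mime type would keep a later reordering from silently restoring the old behaviour. The rest of `DelayResponse` lies outside this hunk, so how the earlier `return true` path handles the same case cannot be checked here.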