Disable the content sniffing algorithm if the server instructs us to do so with the nosniff directive.

For context, see http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx

R=deanm,darin

Review URL: http://codereview.chromium.org/12982

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6422 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 1 deletions

diff --git a/chrome/browser/resource_dispatcher_host.cc b/chrome/browser/resource_dispatcher_host.cc
index 6ebf412..4b986bc 100644
--- a/chrome/browser/resource_dispatcher_host.cc
+++ b/chrome/browser/resource_dispatcher_host.cc
@@ -1133,7 +1133,11 @@ bool ResourceDispatcherHost::BufferedEventHandler::DelayResponse() {
   std::string mime_type;
   request_->GetMimeType(&mime_type);
 
-  if (net::ShouldSniffMimeType(request_->url(), mime_type)) {
+  std::string content_type_options;
+  request_->GetResponseHeaderByName("x-content-type-options",
+                                    &content_type_options);
+  if (content_type_options != "nosniff" &&
+      net::ShouldSniffMimeType(request_->url(), mime_type)) {
     // We're going to look at the data before deciding what the content type
     // is.  That means we need to delay sending the ResponseStarted message
     // over the IPC channel.