From 423bd5b84aee7a02b62e4e4d8a83d7df6c0943d9 Mon Sep 17 00:00:00 2001
From: "abarth@chromium.org"
 <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 23 Jan 2009 17:30:50 +0000
Subject: When the server says "nosniff" but then doesn't give us a
 Content-Type we now treat the response as "text/plain".  Before, we treated
 the response as a download.  This behavior is (a) safer and (b) matches what
 we expect in IE8.

R=darin

Review URL: http://codereview.chromium.org/18549

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8559 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/renderer_host/buffered_resource_handler.cc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)


diff --git a/chrome/browser/renderer_host/buffered_resource_handler.cc b/chrome/browser/renderer_host/buffered_resource_handler.cc
index 14f6934..ea7d69d 100644
--- a/chrome/browser/renderer_host/buffered_resource_handler.cc
+++ b/chrome/browser/renderer_host/buffered_resource_handler.cc
@@ -116,7 +116,8 @@ bool BufferedResourceHandler::DelayResponse() {
   request_->GetResponseHeaderByName("x-content-type-options",
                                     &content_type_options);
 
-  const bool sniffing_blocked = (content_type_options == "nosniff");
+  const bool sniffing_blocked =
+      LowerCaseEqualsASCII(content_type_options, "nosniff");
   const bool we_would_like_to_sniff =
       net::ShouldSniffMimeType(request_->url(), mime_type);
 
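Review bot: The `sniffing_blocked` comparison still matches only when the entire header value is `nosniff`, so any other form fails open and leaves sniffing enabled. If `GetResponseHeaderByName` can return surrounding whitespace, or a comma-joined value when the server sends the header more than once (not visible in this hunk), such a response would be sniffed despite the server's opt-out. Consider trimming the value and comparing only the first comma-separated token. The fail-open behaviour also deserves a comment, for example `// Any value other than "nosniff" (ASCII case-insensitive) leaves sniffing enabled.` The body of `DelayResponse()` starts and ends outside this hunk.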
@@ -131,6 +132,14 @@ bool BufferedResourceHandler::DelayResponse() {
     return true;
   }
 
+  if (sniffing_blocked && mime_type.empty()) {
+    // Ugg.  The server told us not to sniff the content but didn't give us a
+    // mime type.  What's a browser to do?  Turns out, we're supposed to treat
+    // the response as "text/plain".  This is the most secure option.
+    mime_type.assign("text/plain");
+    response_->response_head.mime_type.assign(mime_type);
+  }
+
   if (ShouldBuffer(request_->url(), mime_type)) {
     // This is a temporary fix for the fact that webkit expects to have
     // enough data to decode the doctype in order to select the rendering
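Review bot: The new `sniffing_blocked && mime_type.empty()` branch comes with no test in this commit, since the diffstat lists only buffered_resource_handler.cc. A later reordering of `DelayResponse()` could therefore bring back the download behaviour unnoticed. A test that serves `X-Content-Type-Options: nosniff` with no Content-Type and asserts the response is handled as `text/plain` would pin the security decision. The comment would also serve maintainers better if it stated the rule and its source, e.g. `// nosniff with no Content-Type: treat as text/plain (matches IE8) instead of sniffing or downloading.` The function continues outside this hunk.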