[Docs Bug] Header advice wrong #2342

Closed
annevk opened this issue May 1, 2019 · 1 comment · Fixed by #2618
annevk commented May 1, 2019

In w3c/webappsec#520 @Malvoz pointed me to https://webhint.io/docs/user-guide/hints/hint-no-html-only-headers/ which states that certain headers only apply to HTML content. Most if not all of these are relevant to XML. And Content-Security-Policy is also relevant to workers, which use a JavaScript MIME type (typically).

X-Frame-Options might be relevant to any response really.

Member

antross commented May 1, 2019

@annevk thanks for pointing this out!

XML definitely should be included in the documentation; webhint's CLI already treats XML with the same rules as HTML for this hint.

The worker case is also interesting and not currently covered. I agree webhint should allow this, though if possible still flag the headers when a script is being used somewhere other than a worker. I'll open a separate issue to track updating the implementation.

Now that I'm looking I also see some of the outdated, experimental headers listed here should probably move to webhint's Disallowed HTTP Headers as they should really no longer be used regardless of resource type (e.g. X-WebKit-CSP). I'll open a separate issue for this too.
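The adjusted rule this thread arrives at, sketched as an added example; it is not webhint's code and not part of either comment. It covers only the three headers named above, and the `checkHeaders` function, the `usedAsWorker` flag and the response shape are hypothetical.

```javascript
// Added example: a hypothetical checker, not webhint's implementation.
// Only the three headers named in this thread are covered; the policy is an assumption.
const DOCUMENT_TYPES = /^(text\/html|(text|application)\/xml|[\w.-]+\/[\w.+-]+\+xml)$/;
const SCRIPT_TYPES = /^(text|application)\/(x-)?(javascript|ecmascript)$/;

function classify(contentType) {
  // Drop parameters such as "; charset=utf-8" and normalise case.
  const type = (contentType || '').split(';')[0].trim().toLowerCase();
  if (DOCUMENT_TYPES.test(type)) return 'document'; // HTML and XML, including +xml types
  if (SCRIPT_TYPES.test(type)) return 'script';
  return 'other';
}

// response: { headers: {name: value}, usedAsWorker?: boolean } (hypothetical shape)
function checkHeaders(response) {
  const headers = Object.fromEntries(
    Object.entries(response.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const kind = classify(headers['content-type']);
  const findings = [];
  if ('x-webkit-csp' in headers) {
    findings.push({ header: 'x-webkit-csp', reason: 'outdated; flag on every resource type' });
  }
  if ('content-security-policy' in headers) {
    if (kind === 'other') {
      findings.push({ header: 'content-security-policy', reason: 'not a document or script' });
    } else if (kind === 'script' && response.usedAsWorker === false) {
      findings.push({ header: 'content-security-policy', reason: 'script is not a worker' });
    }
  }
  // x-frame-options is never flagged here: the first comment notes it may matter anywhere.
  return findings;
}

// Constructed sample responses.
const SAMPLES = [
  { headers: { 'Content-Type': 'text/html; charset=utf-8', 'Content-Security-Policy': "default-src 'self'" } },
  { headers: { 'Content-Type': 'image/svg+xml', 'Content-Security-Policy': "default-src 'none'" } },
  { headers: { 'Content-Type': 'text/javascript', 'Content-Security-Policy': "script-src 'self'" }, usedAsWorker: true },
  { headers: { 'Content-Type': 'text/javascript', 'Content-Security-Policy': "script-src 'self'" }, usedAsWorker: false },
  { headers: { 'Content-Type': 'image/png', 'Content-Security-Policy': "default-src 'self'", 'X-Frame-Options': 'DENY' } },
  { headers: { 'Content-Type': 'text/html', 'X-WebKit-CSP': "default-src 'self'" } },
];
for (const s of SAMPLES) {
  console.log(s.headers['Content-Type'], '->', checkHeaders(s).map((f) => f.header));
}
```

A script whose use is unknown (`usedAsWorker` left undefined) is not flagged, so the check never advises removing a policy from what may be a worker.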
