This moves the checking code back to NS_SniffContent and specifically
checks requests for either:
- Empty `Content-type` header, OR
- A known JSON MIME type
If present, sniffing is allowed despite `nosniff` because in the first
case this is webmaster error (conflicting `nosniff` without MIME type
would always fail, so sniff it), and in the second case we need this
carveout or our json viewer will break.
This fixes a regression for the JSON viewer from part 1 as it relies on
sniffing to prettify (and should carve out the exception even if `nosniff`
headers are sent).
No real functional changes otherwise. Just catering to a corner case.
The imgLoader code consistently uses the term `loadingPrincipal` for
the principal that is called the `triggeringPrincipal` everywhere else.
This aligns the naming to avoid confusion in later changes.
We're currently fairly vague and inconsistent about the values we provide to
content policy implementations for requestOrigin and requestPrincipal. In some
cases they're the triggering principal, sometimes the loading principal,
sometimes the channel principal.
Our existing content policy implementations which require or expect a
loading principal currently retrieve it from the context node.
Since no current callers require the principal to be the loading
principal, and some already expect it to be the triggering principal
(which there's currently no other way to retrieve), a choice was made
to pass the triggering principal whenever possible, but use the loading
principal to determine the origin URL.
Since these are just interpreted comments, there's 0 impact on actual code.
This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are
a few others scattered around which will be removed manually in a second part.
Moonchild
Job Bautista
win7-7
Gaming4JC
wolfbeast
roytam1