Could be stricter on safelisted CSS and JS MIME types

Question

Could be stricter on safelisted CSS and JS MIME types

annevk opened this issue 4 years ago · 0 comments

In particular, we could require an ok status as well and network error otherwise as the attacker process will do the same. It's not clear how often this would prevent a legitimate security issue, but it seems worth considering.