Open Legioth opened 6 years ago
Hello there!
We are sorry that this issue hasn't progressed lately. We are prioritizing issues by severity and the number of customers we expect are experiencing this, and we haven't gotten around to fixing this issue yet.
There are a couple of things you could do to help get things rolling on this issue (this is an automated message, so expect that some of these are already in use):
Thanks again for your contributions! Even though we haven't been able to get this issue fixed, we hope you will report your findings and enhancement ideas in the future too!
In addition to the no-store header for potentially sensitive responses that was added in #10306 and #10628, there's also a new X-Content-Type-Options: nosniff header that is used by newly introduced cross-site reading functionality: https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md