This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The Content-Disposition HTTP header is handled in page navigation in HTML so HTML Imports so far doesn't care about that. As the header is sometimes used as a protection mechanism, it'd be better for HTML Imports to see it, and probably just make it an error if there is Content-Disposition header in the response. The concept isn't compatible to HTML Imports anyway. I feel this a bit too defensive, but we can start from conservative side.
Originally reported here: https://crbug.com/439877
https://github.com/w3c/webcomponents/commit/c8f94b1819e661d7fad8309de976a766fb70fd1c