- From: Adrien de Croy <adrien@qbik.com>
- Date: Wed, 30 May 2007 09:28:06 +1200
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- CC: 'HTTP Working Group' <ietf-http-wg@w3.org>

Henrik Nordstrom wrote:
> Wed 2007-05-30 at 09:07 +1200, Adrien de Croy wrote:
>
>> I can still foresee some issues if headers like Content-Type are
>> permitted in a trailer though.
>
> It is permitted, but no sane implementations should place it there, or
> need to place it there..
>

That's an opportunity for another RFC perhaps - the "things should be sane" RFC :)

I see this more potentially as a possible exploit by rogue servers to bypass security etc. e.g. porn sites or similar.

There aren't really that many response headers that it makes sense to base policy on, but Content-Type is a key one.

Regards

Adrien

> Regards
> Henrik
>

Received on Tuesday, 29 May 2007 21:27:56 UTC
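
The concern discussed in this message, shown from the receiving side as an added example that is not part of the original thread: a filtering proxy decodes a chunked body and refuses trailer fields that would change a policy decision already made on the header block. The function names, the `POLICY_FIELDS` denylist and the sample response are assumptions constructed for illustration.

```python
# Added example: hypothetical helpers and a constructed response, not code from the thread.
HEX = b"0123456789abcdefABCDEF"
# Assumed denylist: fields a filter bases policy or framing on.
POLICY_FIELDS = {"content-type", "content-encoding", "content-length",
                 "transfer-encoding", "content-disposition"}

def parse_chunked(raw: bytes):
    """Decode a chunked body; return (body, [(name, value), ...]) for the trailer."""
    body, pos = b"", 0
    while True:
        eol = raw.index(b"\r\n", pos)                    # ValueError if truncated
        tok = raw[pos:eol].split(b";", 1)[0].strip()     # drop chunk extensions
        if not tok or any(c not in HEX for c in tok):
            raise ValueError("bad chunk size")
        size, pos = int(tok, 16), eol + 2
        if size == 0:
            break                                        # last-chunk; trailer follows
        body += raw[pos:pos + size]
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk not terminated by CRLF")
        pos += size + 2
    trailers = []
    for line in raw[pos:].split(b"\r\n"):
        if not line:
            break                                        # empty line ends the trailer
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed trailer line")
        trailers.append((name.decode("latin-1").strip(),
                         value.decode("latin-1").strip()))
    return body, trailers

def apply_trailers(headers: dict, trailers):
    """Merge trailer fields into headers; return (merged, rejected) for logging."""
    seen = {k.lower() for k in headers}
    merged, rejected = dict(headers), []
    for name, value in trailers:
        if name.lower() in POLICY_FIELDS or name.lower() in seen:
            rejected.append((name, value))  # a trailer never overrides the header block
        else:
            merged[name] = value
    return merged, rejected

# Constructed response: header block says text/plain, trailer tries to change it.
HEADERS = {"Content-Type": "text/plain", "Transfer-Encoding": "chunked",
           "Trailer": "Content-Type, X-Checksum"}
RAW_BODY = (b"5\r\nhello\r\n6;ext=1\r\n world\r\n0\r\n"
            b"Content-Type: text/html\r\nX-Checksum: abc123\r\n\r\n")

if __name__ == "__main__":
    body, trailers = parse_chunked(RAW_BODY)
    print(body, apply_trailers(HEADERS, trailers))
```

The rejected list is the part worth logging: a trailer that names a field in the denylist is a signal in its own right, independent of whether it was applied.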