W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Microsoft's "I mean it" content-type parameter

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 02 Jul 2008 22:52:31 +0200
Message-ID: <486BEA8F.50208@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>, "public-html@w3.org" <public-html@w3.org>

Hi,

(crossposted to both the HTTPbis WG's and HTML5 WG's mailing lists...)

looking at 
<http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx>:

"MIME-Handling: Sniffing Opt-Out

Next, we’ve provided web-applications with the ability to opt-out of 
MIME-sniffing. Sending the new authoritative=true attribute on the 
Content-Type HTTP response header prevents Internet Explorer from 
MIME-sniffing a response away from the declared content-type."

Let's ignore the issue of inventing a new media type parameter for all 
new media types for a moment...

It's good that MS recognizes that content-type-sniffing may be bad and 
that they are doing something about it. But is this really the right 
approach?

BR, Julian
Received on Wednesday, 2 July 2008 20:53:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:52 GMT