W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Content Sniffing impact on HTTPbis - #155

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 5 Jun 2009 10:29:49 +0200
Message-Id: <2544468E-BE92-4DE2-AA53-9D52402E0271@gbiv.com>
Cc: Mark Baker <distobj@acm.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
To: Mark Nottingham <mnot@mnot.net>
On Jun 4, 2009, at 8:01 AM, Mark Nottingham wrote:

> Revised proposal:
>
> Replace this text in p3 3.2.1:
>> If and only if the media type is not given by a Content-Type  
>> field, the recipient MAY attempt to guess the media type via  
>> inspection of its content and/or the name extension(s) of the URI  
>> used to identify the resource. If the media type remains unknown,  
>> the recipient SHOULD treat it as type "application/octet-stream".
> with
>
> """
> If the Content-Type field is not present in a message with a body,  
> the recipient SHOULD assume that the message was sent with a  
> Content-Type of "application/octet-stream".
>
> Note that neither the interpretation of the data type of a message  
> nor the behaviours caused by it are not defined by this  
> specification; this potentially includes examination of the content  
> to override the indicated type ("sniffing").
> """

I think that conflicts with my analysis in the mime-respect TAG finding.
I would prefer that no Content-Type means that the server doesn't know
the media type, thereby allowing the recipient to guess.

....Roy
Received on Friday, 5 June 2009 08:30:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:03 GMT