W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Two new IDs of relevance to this working group

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 22 Jan 2009 00:14:14 +0000 (UTC)
To: ietf-http-wg@w3.org
Message-ID: <Pine.LNX.4.62.0901220012140.29785@hixie.dreamhostps.com>


As part of our effort to remove from HTML5 sections that are more 
appropriate elsewhere, I would like to bring your attention to these two 
new drafts edited by Adam Barth:

   Content-Type Processing Model
   http://www.ietf.org/internet-drafts/draft-abarth-mime-sniff-00.txt
   Many Web servers supply incorrect Content-Type headers with their
   HTTP responses.  In order to be compatible with these Web servers,
   Web browsers must consider the content of HTTP responses as well as
   the Content-Type header when determining the effective mime type of
   the response.  This document describes an algorithm for determining
   the effective mime type of HTTP responses that balances security and
   compatibility considerations.

   The HTTP Origin Header
   http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
   This document defines the HTTP Origin header.  The Origin header is
   added by the user agent to describe the security context that
   initiated an HTTP request.  HTTP servers can use the Origin header to
   defend themselves against Cross-Site Request Forgery (CSRF) attacks.

Feedback is welcome.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 January 2009 00:14:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT