- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 22 Jan 2009 01:47:21 +0100
- To: public-ietf-w3c@w3.org
FYI

--
Thomas Roessler, W3C <tlr@w3.org>

Begin forwarded message:

> From: Ian Hickson <ian@hixie.ch>
> Date: 22 January 2009 01:14:14 CEST
> To: ietf-http-wg@w3.org
> Subject: Two new IDs of relevance to this working group
> Archived-At: <http://www.w3.org/mid/Pine.LNX.4.62.0901220012140.29785@hixie.dreamhostps.com>
>
> As part of our effort to remove from HTML5 sections that are more
> appropriate elsewhere, I would like to bring your attention to these two
> new drafts edited by Adam Barth:
>
> Content-Type Processing Model
> http://www.ietf.org/internet-drafts/draft-abarth-mime-sniff-00.txt
>    Many Web servers supply incorrect Content-Type headers with their
>    HTTP responses. In order to be compatible with these Web servers,
>    Web browsers must consider the content of HTTP responses as well as
>    the Content-Type header when determining the effective mime type of
>    the response. This document describes an algorithm for determining
>    the effective mime type of HTTP responses that balances security and
>    compatibility considerations.
>
> The HTTP Origin Header
> http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
>    This document defines the HTTP Origin header. The Origin header is
>    added by the user agent to describe the security context that
>    initiated an HTTP request. HTTP servers can use the Origin header to
>    defend themselves against Cross-Site Request Forgery (CSRF) attacks.
>
> Feedback is welcome.
>
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 January 2009 00:47:34 UTC