W3C home > Mailing lists > Public > public-ietf-w3c@w3.org > January 2009

Fwd: Two new IDs of relevance to this working group

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 22 Jan 2009 01:47:21 +0100
Message-Id: <9C998AAA-7623-42C4-B186-34CFBD9308F6@w3.org>
To: public-ietf-w3c@w3.org

FYI
--
Thomas Roessler, W3C  <tlr@w3.org>




Begin forwarded message:

> From: Ian Hickson <ian@hixie.ch>
> Date: 22 January 2009 01:14:14 CEST
> To: ietf-http-wg@w3.org
> Subject: Two new IDs of relevance to this working group
> Archived-At: <http://www.w3.org/mid/Pine.LNX.4.62.0901220012140.29785@hixie.dreamhostps.com 
> >
>
>
>
> As part of our effort to remove from HTML5 sections that are more
> appropriate elsewhere, I would like to bring your attention to these  
> two
> new drafts edited by Adam Barth:
>
>   Content-Type Processing Model
>   http://www.ietf.org/internet-drafts/draft-abarth-mime-sniff-00.txt
>   Many Web servers supply incorrect Content-Type headers with their
>   HTTP responses.  In order to be compatible with these Web servers,
>   Web browsers must consider the content of HTTP responses as well as
>   the Content-Type header when determining the effective mime type of
>   the response.  This document describes an algorithm for determining
>   the effective mime type of HTTP responses that balances security and
>   compatibility considerations.
>
>   The HTTP Origin Header
>   http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
>   This document defines the HTTP Origin header.  The Origin header is
>   added by the user agent to describe the security context that
>   initiated an HTTP request.  HTTP servers can use the Origin header  
> to
>   defend themselves against Cross-Site Request Forgery (CSRF) attacks.
>
> Feedback is welcome.
>
> -- 
> Ian Hickson               U+1047E                ) 
> \._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _ 
> \  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'-- 
> (,_..'`-.;.'
>
Received on Thursday, 22 January 2009 00:47:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 22 January 2009 00:47:36 GMT