Re: Microsoft's "I mean it" content-type parameter

Justin James wrote:
> There are situations where content sniffing makes sense. 

Yes.  There is local file content.  There is unintelligent, ftp based
delivery.  These all need some context that doesn't exist behind the
delivery of the content.

> There are
> situations where it doesn't. The only way to resolve it is to have a flag
> that triggers a "no sniffing mode"; to do it the other way around (with a
> flag that *turns on* sniffing mode) would contradict existing behavior and
> therefore Break The Web.

Nonsense.  HTTP/1.1 defined the mechanism to do just this.  The fact that
vendors ignored this, suffered the consequences on vuln-dev and bugtraq,
and will continue to do so until they follow the protocol reiterates that
sniffing has a place, and within a well defined protocol this isn't it.

Received on Friday, 4 July 2008 03:47:41 UTC