- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 03 Sep 2008 10:46:25 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
Quoting: <http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx> "MIME-Handling: Sniffing Opt-Out As discussed in Part V of this blog series, Internet Explorer’s MIME-sniffing capabilities can lead to security problems for servers hosting untrusted content. At that time, we announced a new Content-Type attribute (named “authoritative”) which could be used to disable MIME-sniffing for a particular HTTP response. Over the past two months, we’ve received significant community feedback that using a new attribute on the Content-Type header would create a deployment headache for server operators. To that end, we have converted this option into a full-fledged HTTP response header. Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type. ... " BR, Julian
Received on Wednesday, 3 September 2008 08:47:08 UTC