Re: PROPOSAL: content sniffing [#155]

Yep. The point I'm making is that because there isn't a RFC2119  
requirement there currently, conforming implementations are fine;  
adding a new one just adds complexity...


On 08/04/2009, at 4:55 PM, Adam Barth wrote:

> Now we're beyond my expertise.  :)
>
> I think the point is to recommend using these headers but let
> conforming implementations use additional information if they need to.
> Maybe something like:
>
> "Implementations MAY use additional information (such as request
> context, response headers, or the entity body itself) in determining
> the data type, but [doing so can have security consequences; see
> Section X.Y.Z]."
>
> Adam
>
>
> On Tue, Apr 7, 2009 at 11:49 PM, Mark Nottingham <mnot@mnot.net>  
> wrote:
>> I don't think a SHOULD is necessary here; 'via' says that they are  
>> part of
>> the process, not necessarily the whole process. SHOULD is a pretty  
>> poor way
>> of clarifying conformance, after all :)
>>
>> I could see s/via/using/ if you think it would help...
>>
>>
>> On 08/04/2009, at 4:31 PM, Adam Barth wrote:
>>
>>> Maybe we should say something like:
>>>
>>> "When an entity-body is included with a message, the data type of  
>>> that
>>> body SHOULD be determined via the header fields Content-Type and
>>> Content-Encoding."
>>>
>>> That seems to clarify the level of conformance required.
>>>
>>> Adam
>>>
>>>
>>> On Tue, Apr 7, 2009 at 11:26 PM, Mark Nottingham <mnot@mnot.net>  
>>> wrote:
>>>>
>>>> I think the disconnect here is that HTTP folks are assuming that  
>>>> this
>>>> statement is made within the scope of HTTP; i.e., someone using  
>>>> HTTP will
>>>> take that value and figure out what to do with it.
>>>>
>>>>
>>>> On 08/04/2009, at 4:21 PM, Adam Barth wrote:
>>>>
>>>>> On Tue, Apr 7, 2009 at 11:00 PM, Mark Nottingham <mnot@mnot.net>  
>>>>> wrote:
>>>>>>
>>>>>> It seems like Mark's proposal is the minimum required to declare
>>>>>> victory,
>>>>>> from an HTTP standpoint at least.
>>>>>>
>>>>>> Remove this text from p3 section 3.2.1:
>>>>>>>
>>>>>>> "If and only if the media type is not given by a Content-Type  
>>>>>>> field,
>>>>>>> the
>>>>>>> recipient MAY attempt to guess the media type via inspection  
>>>>>>> of its
>>>>>>> content
>>>>>>> and/or the name extension(s) of the URI used to identify the
>>>>>>> resource."
>>>>>
>>>>> I'm not an expert at spec reading, but the spec would still say:
>>>>>
>>>>> "When an entity-body is included with a message, the data type  
>>>>> of that
>>>>> body is determined via the header fields Content-Type and
>>>>> Content-Encoding."
>>>>>
>>>>> This seems false since the data type might be determined after  
>>>>> taking
>>>>> other information into account.
>>>>>
>>>>> Adam
>>>>
>>>>
>>>> --
>>>> Mark Nottingham     http://www.mnot.net/
>>>>
>>>>
>>
>>
>> --
>> Mark Nottingham     http://www.mnot.net/
>>
>>


--
Mark Nottingham     http://www.mnot.net/

Received on Wednesday, 8 April 2009 07:07:24 UTC