Re: Content Sniffing impact on HTTPbis - #155

On Jun 4, 2009, at 8:01 AM, Mark Nottingham wrote:

> Revised proposal:
>
> Replace this text in p3 3.2.1:
>> If and only if the media type is not given by a Content-Type  
>> field, the recipient MAY attempt to guess the media type via  
>> inspection of its content and/or the name extension(s) of the URI  
>> used to identify the resource. If the media type remains unknown,  
>> the recipient SHOULD treat it as type "application/octet-stream".
> with
>
> """
> If the Content-Type field is not present in a message with a body,  
> the recipient SHOULD assume that the message was sent with a  
> Content-Type of "application/octet-stream".
>
> Note that neither the interpretation of the data type of a message  
> nor the behaviours caused by it are not defined by this  
> specification; this potentially includes examination of the content  
> to override the indicated type ("sniffing").
> """

I think that conflicts with my analysis in the mime-respect TAG finding.
I would prefer that no Content-Type means that the server doesn't know
the media type, thereby allowing the recipient to guess.

....Roy

Received on Friday, 5 June 2009 08:30:27 UTC