RE: Content Sniffing impact on HTTPbis - #155

mån 2009-06-01 klockan 14:22 -0500 skrev Brian Smith:
> Mark Nottingham wrote:
> > The text in question is in p3 section 3.2.1:
> > > If and only if the media type is not given by a Content-Type field,
> > > the recipient MAY attempt to guess the media type via inspection of
> > > its content and/or the name extension(s) of the URI used to identify
> > > the resource. If the media type remains unknown, the recipient
> > > SHOULD treat it as type "application/octet-stream".
> "If and only if...MAY..." is not the same as "MUST NOT ... if not". That is,
> the above statement doesn't forbid an implementation from doing content
> sniffing since it isn't a MUST NOT requirement.

Correct, it's just a SHOULD NOT, which is the level it should be.

The text as-is tries to say that receiving agents SHOULD NOT attempt to
guess the media type of the message if there is an Content-Type
indication. This means that from the protocol perspective it's
recommended the media type indication in the protocol is what is used
for determining the media type of the enclosed entity. This does not
forbid agents from using other means for finding the media type as there
is no MUST level requirements, but clearly sets the tone on what the
HTTP protocol considers as authoritative media type indication for the
entity contained within the HTTP message.

Imho the correct resolution of #155 is to remove just the text "and only
if", softening the tone just slightly. Removing the whole condition on
when guessing/sniffing is allowed opens it up too much, downgrading the
whole text almost to the level of pure ignorance, giving a general MAY
level rule that sniffing/guessing of the media type is allowed under all
conditions which is not what the HTTP protocol intends.


Received on Friday, 12 June 2009 23:49:24 UTC