- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 22 Jan 2009 00:14:14 +0000 (UTC)
- To: ietf-http-wg@w3.org
As part of our effort to remove from HTML5 sections that are more appropriate elsewhere, I would like to bring your attention to these two new drafts edited by Adam Barth:

Content-Type Processing Model
http://www.ietf.org/internet-drafts/draft-abarth-mime-sniff-00.txt

Many Web servers supply incorrect Content-Type headers with their HTTP responses. In order to be compatible with these Web servers, Web browsers must consider the content of HTTP responses as well as the Content-Type header when determining the effective mime type of the response. This document describes an algorithm for determining the effective mime type of HTTP responses that balances security and compatibility considerations.

The HTTP Origin Header
http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt

This document defines the HTTP Origin header. The Origin header is added by the user agent to describe the security context that initiated an HTTP request. HTTP servers can use the Origin header to defend themselves against Cross-Site Request Forgery (CSRF) attacks.

Feedback is welcome.

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 January 2009 00:14:50 UTC
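
One way a server could apply the Origin check that the second draft's abstract describes, as an added example that is not part of the original message or of either draft. The trusted-origin list, the rule for a missing header, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}
TRUSTED_ORIGINS = {"https://bank.example"}  # constructed sample value


def normalize_origin(value):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the literal "null" origin
    # An origin is scheme://host[:port]; a path, query or userinfo is malformed.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def csrf_check(method, headers, trusted_origins=TRUSTED_ORIGINS, allow_missing=False):
    """Decide whether a request may proceed, judged by its Origin header.

    Assumptions: safe methods have no side effects on this server, and a
    state-changing request without an Origin header is refused unless the
    operator opts in with allow_missing (e.g. for user agents that do not
    send the header).
    """
    if method.upper() in SAFE_METHODS:
        return True
    # Header names are case-insensitive.
    origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if origin is None:
        return allow_missing
    trusted = {normalize_origin(o) for o in trusted_origins}
    # Treat a space-separated list conservatively: every entry must be trusted.
    sent = [normalize_origin(o) for o in origin.split()]
    return bool(sent) and all(o is not None and o in trusted for o in sent)
```

Comparing normalized (scheme, host, port) tuples instead of raw strings keeps an explicit default port or a differently cased host from causing a false rejection, while a scheme downgrade or a look-alike host still fails.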