- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 22 Jan 2009 13:25:33 +1100
- To: Ian Hickson <ian@hixie.ch>
- Cc: ietf-http-wg@w3.org
Thanks, Ian.

I don't expect that these will become HTTPBIS WG documents (at least under our current charter), but they are extremely relevant and I'm hoping to see substantial feedback and discussion here by the WG (and other interested comers).

Cheers,

On 22/01/2009, at 11:14 AM, Ian Hickson wrote:

> As part of our effort to remove from HTML5 sections that are more
> appropriate elsewhere, I would like to bring your attention to these two
> new drafts edited by Adam Barth:
>
> Content-Type Processing Model
> http://www.ietf.org/internet-drafts/draft-abarth-mime-sniff-00.txt
>
>    Many Web servers supply incorrect Content-Type headers with their
>    HTTP responses. In order to be compatible with these Web servers,
>    Web browsers must consider the content of HTTP responses as well as
>    the Content-Type header when determining the effective mime type of
>    the response. This document describes an algorithm for determining
>    the effective mime type of HTTP responses that balances security and
>    compatibility considerations.
>
> The HTTP Origin Header
> http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
>
>    This document defines the HTTP Origin header. The Origin header is
>    added by the user agent to describe the security context that
>    initiated an HTTP request. HTTP servers can use the Origin header to
>    defend themselves against Cross-Site Request Forgery (CSRF) attacks.
>
> Feedback is welcome.
>
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

--
Mark Nottingham     http://www.mnot.net/
Received on Thursday, 22 January 2009 02:26:13 UTC