- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Mon, 21 Jun 2010 10:21:54 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Sat 2010-06-19 at 12:03 +1000, Mark Nottingham wrote:
> Just to the HTTPbis WG: any objections to this revised text for #155?
Would have helped if the text had been quoted together with the
question. I guess from the thread that it's this:
http://lists.w3.org/Archives/Public/ietf-http-wg/2010AprJun/0325.html

   In practice, currently-deployed servers sometimes provide a
   Content-Type header which does not correctly convey the intended
   interpretation of the content sent, with the result that some
   clients will examine the response body's content and override
   the specified type.

   Clients that do so risk drawing incorrect conclusions, which may
   expose additional security risks (e.g., "privilege escalation").
   Implementers are encouraged to provide a means of disabling such
   "content sniffing" when it is used.

If this is the text you refer to then +1 from me. I think this
represents the general view of the group, and works well together with
the rest of the document text on Content Type.
Regards
Henrik
Received on Monday, 21 June 2010 08:22:30 UTC
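
Added example, not part of the original message or of any HTTPbis draft: a toy client-side type resolver showing how sniffing can override a declared Content-Type, and how a switch to disable it keeps the server's declaration authoritative. The signature table, function names and the `allow_sniffing` parameter are assumptions made for illustration, not any real client's algorithm.

```python
import re

# Constructed, deliberately small signature table (illustrative only).
SIGNATURES = [
    (re.compile(rb"^\s*(<!doctype html|<html|<script|<body)", re.I), "text/html"),
    (re.compile(rb"^%PDF-"), "application/pdf"),
    (re.compile(rb"^\x89PNG\r\n\x1a\n"), "image/png"),
    (re.compile(rb"^GIF8[79]a"), "image/gif"),
]

def declared_type(content_type_header):
    """Media type from a Content-Type value, parameters dropped; None if absent."""
    if not content_type_header:
        return None
    return content_type_header.split(";", 1)[0].strip().lower() or None

def sniff(body):
    """Guess a media type from the first bytes of the body; None if unknown."""
    head = body[:512]
    for pattern, media_type in SIGNATURES:
        if pattern.search(head):
            return media_type
    return None

def effective_type(content_type_header, body, allow_sniffing=True):
    """Return (media_type, overridden).

    overridden is True only when a declared type was replaced by a guess.
    With allow_sniffing=False the body is never inspected (hypothetical switch).
    """
    declared = declared_type(content_type_header)
    if not allow_sniffing:
        return (declared or "application/octet-stream", False)
    guessed = sniff(body)
    if guessed and guessed != declared:
        return (guessed, declared is not None)
    return (declared or "application/octet-stream", False)

# Constructed sample: a user upload that the server labels as plain text.
UPLOAD = b"<script>/* uploaded by a user */</script>"

if __name__ == "__main__":
    # Sniffing on: the upload is treated as HTML despite the text/plain label.
    print(effective_type("text/plain; charset=utf-8", UPLOAD))
    # Sniffing off: the declared type stands and the body stays inert text.
    print(effective_type("text/plain; charset=utf-8", UPLOAD, allow_sniffing=False))
```

The first call is the risk the proposed text names: content the server marked as inert is reinterpreted as active content in the serving site's context.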