Risks with NULL Mime type from Amit Aggarwal on 2014-01-02 (ietf-http-wg@w3.org from January to March 2014)

From: Amit Aggarwal <amit.agg@samsung.com>
Date: Thu, 02 Jan 2014 11:58:01 +0900
To: 'HTTP Working Group' <ietf-http-wg@w3.org>
Message-id: <010401cf0766$735e4410$5a1acc30$%agg@samsung.com>

Hello,

 

Happy New Year to everyone.

 

I am not sure if this is the right group for my question. Please advise me
otherwise.

 

 

1)      How safe is it for clients to handle NULL mime types and allow
actions based on file extensions when MIME TYPE is null.


Example:  Server is hosting APK file with NULL MIME TYPE. Most browser will
download it but install may fail if browser is checking MIME TYPE for
appropriate handler. One workaround is to check file extension in this case
and search appropriate handler. 


Are there any potential risks to this approach ? 

 

2)      How common is it to have NULL Mime type files hosted by servers ? 

 

 

 

 

Best Regards

Amit

Received on Thursday, 2 January 2014 02:58:39 UTC