- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 02 Jul 2008 22:52:31 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>, "public-html@w3.org" <public-html@w3.org>
Hi, (crossposted to both the HTTPbis WG's and HTML5 WG's mailing lists...) looking at <http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx>: "MIME-Handling: Sniffing Opt-Out Next, we’ve provided web-applications with the ability to opt-out of MIME-sniffing. Sending the new authoritative=true attribute on the Content-Type HTTP response header prevents Internet Explorer from MIME-sniffing a response away from the declared content-type." Let's ignore the issue of inventing a new media type parameter for all new media types for a moment... It's good that MS recognizes that content-type-sniffing may be bad and that they are doing something about it. But is this really the right approach? BR, Julian
Received on Wednesday, 2 July 2008 20:53:18 UTC