- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 10 Mar 2015 09:25:14 +0100
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Mar 10, 2015 at 12:03 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > The SRI spec currently doesn't enforce the mime-type and should say > something like "insist on this mime type, even after sniffing". > Unfortunately, content-type sniffing (afaik) isn't really spec'ed so it is > not clear how to put that in the spec. https://mimesniff.spec.whatwg.org/ is what browsers implement though there's various differences still unfortunately. -- https://annevankesteren.nl/
Received on Tuesday, 10 March 2015 08:25:37 UTC