- From: Gordon P. Hemsley <gphemsley@gmail.com>
- Date: Fri, 16 Nov 2012 17:19:37 -0500
- To: whatwg List <whatwg@whatwg.org>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=19865 Microsoft introduced the X-Content-Type-Options header in IE8 back in 2008: http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx I would like to integrate the header into mimesniff and describe its proper usage. Right now, it allows one parameter: 'nosniff'. I would like to allow the presence of this parameter to set the 'no-sniff flag' that I just introduced into mimesniff (in addition to that flag's existing duties): http://mimesniff.spec.whatwg.org/#no-sniff-flag But I would also like to fully spec the header, while leaving open the possibility that other values may be added in the future. In addition, I would like to, if I could, also allow the header to be specified without the 'X-' prefix (so as 'Content-Type-Options'), for that reason (and because of best current practice). Does anyone have any questions, comments, or objections about this issue? -- Gordon P. Hemsley me@gphemsley.org http://gphemsley.org/ • http://gphemsley.org/blog/
Received on Friday, 16 November 2012 22:24:41 UTC