On 11/29/12 1:30 AM, Gordon P. Hemsley wrote: > Based on my reading of the source code, it seems that Gecko treats a > resource served as 'application/octet-stream' as an unknown type which > is sniffed as if no Content-Type was specified. Only for media (<video> and <audio>) loads. Note that the HTML spec requires this behavior for those. > Are there security implications with doing this? In general, yes. Doing this for document loads would be a security nightmare, for example. -BorisReceived on Thursday, 29 November 2012 07:16:13 UTC
This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:48 UTC