- From: <bugzilla@jessica.w3.org>
- Date: Thu, 14 Oct 2010 18:17:08 +0000
- To: www-svg@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11025
Helder Magalhães <helder.magalhaes@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |helder.magalhaes@gmail.com
Platform|Macintosh |All
Resolution| |INVALID
OS/Version|Mac System 9.x |All
Severity|normal |minor
--- Comment #1 from Helder Magalhães <helder.magalhaes@gmail.com> 2010-10-14 18:17:08 UTC ---
Hi Jonathan,
(In reply to comment #0)
> the link:
>
> http://www.w3.org/Bugs/Public/attachment.cgi?id=922
>
> in the bug:
>
> http://www.w3.org/Bugs/Public/show_bug.cgi?id=11015
>
> is not being served as SVG, though it has suffix .svg
> and validates at W3C
Not true. If you use an HTTP protocol analyzer (Wireshark et. al.) or an
on-line tool such as HTTP Web-Sniffer [1] (basically, copy+paste the attachment
link and press submit) you'll see that content type is there:
Content-Type: image/svg+xml; name="ffbug.svg"
What's happening is that "Content-disposition" HTTP header is there as well:
Content-disposition: attachment; filename="ffbug.svg"
This should cause the implementation to force a file download instead of
presenting it. This is often used as an additional protection mechanism, in
order to avoid virus and other sort of malicious attachments in highly
reputable sites. Note that this is a configurable security feature of Bugzilla:
for example, W3C and Apache (Batik et. al. bug tracker) are using it, while
Mozilla (Firefox et. al.) is not.
Cheers,
Helder
[1] http://web-sniffer.net/
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 14 October 2010 18:17:11 UTC