- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 11 Feb 2009 16:43:43 -0800
- To: Breno de Medeiros <breno@google.com>
- Cc: Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
On Wed, Feb 11, 2009 at 4:40 PM, Breno de Medeiros <breno@google.com> wrote: > Yes, but your solution prevents legitimate use cases that are a higher value > proposition. How does: On Wed, Feb 11, 2009 at 3:22 PM, Adam Barth <w3c@adambarth.com> wrote: > 2) Add a section to Security Considerations that explains that > applications using host-meta should consider adding requirement (1) [strict Content-Type processing]. prevent legitimate use cases? It's not the ideal solution because it passes the buck to application-land, but its orders of magnitude better than laying a subtle trap for those folks. Adam
Received on Thursday, 12 February 2009 00:44:23 UTC