These security issues are most severe when an "honest" server allows User agent could interpret an HTTP response as a different MIME type than In some cases, these divergent behaviors have had security implications, as a Inevitably, these efforts have not been entirely successful, resulting in Without a clear specification for how to "sniff" the MIME type, each userĪgent has been forced to reverse-engineer the algorithms of other user agents ![]() Historically, web browsers have tolerated these servers by examining theĬontent of HTTP responses in addition to the Content-Type headerįield in order to determine the effective MIME type of the response. Value that does not match the actual contents of the response. However, many HTTP servers supply a Content-Type header field The HTTP Content-Type header field is intended to indicate the 8.9 Sniffing in a cache manifest context.8.3 Sniffing in an audio or video context. ![]()
0 Comments
Leave a Reply. |