[whatwg] [mimesniff] The X-Content-Type-Options header

Gordon P. Hemsley gphemsley at gmail.com
Fri Nov 16 14:19:37 PST 2012


https://www.w3.org/Bugs/Public/show_bug.cgi?id=19865

Microsoft introduced the X-Content-Type-Options header in IE8 back in 2008:

http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx

I would like to integrate the header into mimesniff and describe its
proper usage.

Right now, it allows one parameter: 'nosniff'. I would like to allow
the presence of this parameter to set the 'no-sniff flag' that I just
introduced into mimesniff (in addition to that flag's existing
duties):

http://mimesniff.spec.whatwg.org/#no-sniff-flag

But I would also like to fully spec the header, while leaving open the
possibility that other values may be added in the future.

In addition, I would like to, if I could, also allow the header to be
specified without the 'X-' prefix (so as 'Content-Type-Options'), for
that reason (and because of best current practice).

Does anyone have any questions, comments, or objections about this issue?

-- 
Gordon P. Hemsley
me at gphemsley.org
http://gphemsley.org/ • http://gphemsley.org/blog/
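
The header handling proposed in the message above, sketched as an added example; it is not code from the original post or from the mimesniff spec. Assumptions: header names and tokens match case-insensitively, the value is a comma-separated list, unrecognised tokens are ignored so that future values stay possible, and `parseContentTypeOptions` and `effectiveType` are hypothetical names.

```javascript
// Added sketch of the proposal in this message; not text from mimesniff.
// Assumed: both the 'X-' and the unprefixed header name are accepted, as
// the message proposes, and 'nosniff' is the only recognised value today.
const HEADER_NAMES = ['x-content-type-options', 'content-type-options'];
const KNOWN_TOKENS = new Set(['nosniff']);

// headers: array of [name, value] pairs as received (duplicates allowed).
function parseContentTypeOptions(headers) {
  const result = { noSniff: false, recognised: [], ignored: [] };
  for (const [name, value] of headers) {
    if (!HEADER_NAMES.includes(String(name).trim().toLowerCase())) continue;
    for (const raw of String(value).split(',')) {
      const token = raw.trim().toLowerCase();
      if (token === '') continue;
      if (KNOWN_TOKENS.has(token)) {
        if (!result.recognised.includes(token)) result.recognised.push(token);
      } else {
        // Unknown values are kept for reporting but never set the flag.
        result.ignored.push(token);
      }
    }
  }
  result.noSniff = result.recognised.includes('nosniff');
  return result;
}

// Simplified consumer of the flag (assumption): when it is set, the declared
// type is used as is; otherwise the sniffed type wins.
function effectiveType(headers, declaredType, sniffedType) {
  return parseContentTypeOptions(headers).noSniff ? declaredType : sniffedType;
}

// Constructed sample responses, not taken from real traffic.
const samples = [
  [['Content-Type', 'text/plain'], ['X-Content-Type-Options', 'nosniff']],
  [['Content-Type', 'text/plain'], ['content-type-options', ' NoSniff , future-value']],
  [['Content-Type', 'text/plain'], ['X-Content-Type-Options', 'no-sniff']], // misspelt value
  [['Content-Type', 'text/plain']],
];
for (const headers of samples) {
  console.log(JSON.stringify(parseContentTypeOptions(headers)),
    effectiveType(headers, 'text/plain', 'text/html'));
}
```

The third sample shows the failure mode worth checking in deployed configurations: a misspelt value is treated as unknown, so the flag stays unset and the response is sniffed as if the header were absent.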

