[whatwg] First or last Content-Type header?

Adam Barth whatwg at adambarth.com
Tue Jun 2 09:47:35 PDT 2009


On Tue, Jun 2, 2009 at 9:25 AM, Bil Corry <bil at corry.biz> wrote:
> It's less likely to occur legitimately, but more likely to occur under a header injection scenario.

As I wrote before in this thread, if the attacker can inject headers,
there are far more severe attacks than changing the type of an HTTP
response.

Adam



More information about the whatwg mailing list