H1rono / traq-bot-http-rs

HTTP request parser for traQ BOT
https://crates.io/crates/traq-bot-http
MIT License

MIME Sniffing #167

Open H1rono opened 8 months ago

H1rono commented 8 months ago

In practice, resource owners do not always properly configure their origin server to provide the correct Content-Type for a given representation. Some user agents examine the content and, in certain cases, override the received type (for example, see [Sniffing]). This "MIME sniffing" risks drawing incorrect conclusions about the data, which might expose the user to additional security risks (e.g., "privilege escalation").


RFC 9110 - HTTP Semantics #Content-Type

Is there any need to do this? No.

H1rono commented 8 months ago

https://developer.mozilla.org/ja/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_%E3%82%B9%E3%83%8B%E3%83%83%E3%83%95%E3%82%A3%E3%83%B3%E3%82%B0
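
What declining to sniff looks like in a request parser, as an added example that is not code from traq-bot-http or from this thread: the declared Content-Type alone decides whether the body is accepted. `accept_json_body`, `ContentTypeError` and the sample inputs are constructed for illustration, and the assumption is that only `application/json` is accepted.

```rust
// Added example (not from traq-bot-http): trust the declared type, never sniff.
#[derive(Debug, PartialEq)]
pub enum ContentTypeError {
    Missing,
    Malformed,
    Unsupported(String),
}

// tchar from RFC 9110, section 5.6.2
fn is_tchar(b: u8) -> bool {
    b.is_ascii_alphanumeric() || b"!#$%&'*+-.^_`|~".contains(&b)
}

/// Hands the body back only when the declared media type is `application/json`.
/// The body bytes are never inspected to guess a type.
pub fn accept_json_body<'a>(
    content_type: Option<&str>,
    body: &'a [u8],
) -> Result<&'a [u8], ContentTypeError> {
    let raw = content_type.ok_or(ContentTypeError::Missing)?;
    // media-type = type "/" subtype parameters (RFC 9110, 8.3.1); drop the parameters.
    let essence = raw.split(';').next().unwrap_or("").trim();
    let (ty, subty) = essence.split_once('/').ok_or(ContentTypeError::Malformed)?;
    let is_token = |s: &str| !s.is_empty() && s.bytes().all(is_tchar);
    if !is_token(ty) || !is_token(subty) {
        return Err(ContentTypeError::Malformed);
    }
    // Type and subtype are case-insensitive.
    let essence = essence.to_ascii_lowercase();
    if essence == "application/json" {
        Ok(body)
    } else {
        Err(ContentTypeError::Unsupported(essence))
    }
}

fn main() {
    // Constructed samples: (declared Content-Type, body).
    let samples = [
        (Some("Application/JSON; charset=utf-8"), r#"{"ping":true}"#),
        (Some("text/plain"), r#"{"ping":true}"#), // looks like JSON, still rejected
        (Some("application/json"), "<html></html>"), // passed on; the JSON parser rejects it later
        (None, "{}"),
    ];
    for (ct, body) in samples {
        println!("{:?} -> {:?}", ct, accept_json_body(ct, body.as_bytes()).map(|b| b.len()));
    }
}
```

A body that merely looks like JSON is rejected when declared as `text/plain`, and a body declared as JSON is never reinterpreted as another type.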