Perhaps constraining what response Content-Types the proxy allows will reduce the opportunities for abuse.
We could even adjust constraints based on URL. For example, maybe we don't always want to allow application/octet-stream but can allow it for URLs whose paths end with .zip, but maybe we could always allow "application/rss+xml" or "application/atom+xml".
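
One way to express the per-URL rule proposed above, as an added example (not code from this project). The rule table, the function names and the default-deny behaviour are assumptions; only the three media types and the `.zip` condition come from the text.

```javascript
// Added example: names and rule layout are assumptions, not the project's code.

// Types allowed for every upstream URL (the two feed types named above).
const ALWAYS_ALLOWED = new Set(['application/rss+xml', 'application/atom+xml']);

// Types allowed only when the upstream URL's path matches a pattern.
const CONDITIONAL = [
  { type: 'application/octet-stream', pathPattern: /\.zip$/i },
];

// Reduce a Content-Type header to its lowercase "type/subtype" essence,
// dropping parameters such as "; charset=utf-8". Returns null if unusable.
function mediaType(header) {
  if (typeof header !== 'string') return null;
  const essence = header.split(';')[0].trim().toLowerCase();
  const token = "[a-z0-9!#$&^_.+-]+";
  return new RegExp(`^${token}/${token}$`).test(essence) ? essence : null;
}

// Decide whether the proxy should relay a response with this Content-Type
// for this upstream URL. Anything not explicitly listed is denied.
function isResponseAllowed(upstreamUrl, contentTypeHeader) {
  const type = mediaType(contentTypeHeader);
  if (type === null) return false;            // missing or malformed header
  if (ALWAYS_ALLOWED.has(type)) return true;

  let pathname;
  try {
    // Match on the path only, so "?file=x.zip" in the query cannot satisfy the rule.
    pathname = new URL(upstreamUrl).pathname;
  } catch {
    return false;                             // unparseable URL
  }
  return CONDITIONAL.some(
    (rule) => rule.type === type && rule.pathPattern.test(pathname)
  );
}
```

The check keys on the Content-Type the upstream server declares, so it narrows what the proxy relays but does not verify that the body actually is a feed or a ZIP archive.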