I believe that this header's value should instead be text/plain; charset=utf-8:
The MIME-type text/plain should prevent browsers from rendering the response as HTML, as the response doesn't contain a HTML document but instead only a short message.
The parameter charset=utf-8 should be the correct way to specify the response's character set, as the current value has a dash (-) instead of an equals sign (=) between charset and utf-8.
This seems to be a typo, and RFC 7231 specifies that an equals sign is required, so the currently set parameter charset-utf-8 doesn't seem to have an actual effect.
Can this be changed / would a PR that changes this value to text/plain; charset=utf-8 be accepted?
When
wai-corsdenies a CORS request the response is given the headerContent-Type: text/html; charset-utf-8, as set here:https://github.com/larskuhtz/wai-cors/blob/7af2f8acff5ddd3557f86d1759c4f6a8ea0ad17b/src/Network/Wai/Middleware/Cors.hs#L531
I believe that this header's value should instead be
text/plain; charset=utf-8:The MIME-type
text/plainshould prevent browsers from rendering the response as HTML, as the response doesn't contain a HTML document but instead only a short message.The parameter
charset=utf-8should be the correct way to specify the response's character set, as the current value has a dash (-) instead of an equals sign (=) betweencharsetandutf-8. This seems to be a typo, and RFC 7231 specifies that an equals sign is required, so the currently set parametercharset-utf-8doesn't seem to have an actual effect.Can this be changed / would a PR that changes this value to
text/plain; charset=utf-8be accepted?