On 11/29/12 1:30 AM, Gordon P. Hemsley wrote:
Based on my reading of the source code, it seems that Gecko treats a
resource served as 'application/octet-stream' as an unknown type which
is sniffed as if no Content-Type was specified.

Only for media (<video> and <audio>) loads. Note that the HTML spec requires this behavior for those.

Are there security implications with doing this?

In general, yes. Doing this for document loads would be a security nightmare, for example.

-Boris

Reply via email to