[mapguide-internals] MIME type for MapGuide packages
Kenneth Skovhede, GEOGRAF A/S
ks at geograf.dk
Mon May 11 02:59:33 EDT 2009
I tested it with the link below in IE8, and it renames it to .zip :(
I think there is a difference in how you use the link.
I pasted it into the adress line.
Regards, Kenneth Skovhede, GEOGRAF A/S
Jason Birch skrev:
> Here's a version with the MIME type set to application/octet-stream:
>
> http://www.jasonbirch.com/temp/Sheboygan.mgp
>
> This works for me, but the MSDN reference on the MIME sniffing "feature" seems to indicate that it may be safer to use an unambiguous content type (like the vnd... version I was talking about):
>
> http://msdn.microsoft.com/en-us/library/ms775147.aspx
>
> Jason
>
> ----- Original Message -----
> Sent: Sun May 10 13:20:52 2009
> Subject: Re: [mapguide-internals] MIME type for MapGuide packages
>
> That won't work.
> IE uses "MIME sniffing" meaning that it reads the first few bytes of the
> file, and sees that it is
> a zip file, and then disregards all other indicators, like mime headers,
> filename etc.
>
> It even has a special security bug due to this (also explains how it works):
> http://www.h-online.com/security/Risky-MIME-sniffing-in-Internet-Explorer--/features/112589
>
> Instead, I propose that the MapGuide server looks for both .mpg and .zip
> files in the packages folder.
>
> Regards, Kenneth Skovhede, GEOGRAF A/S_______________________________________________
> mapguide-internals mailing list
> mapguide-internals at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-internals
>
More information about the mapguide-internals
mailing list