I-D icon indicating copy to clipboard operation
I-D copied to clipboard
verified publisher icon dret

content-warning: security considerations, processing unexisting body

Open ioggstream opened this issue 5 years ago • 0 comments

I expect

more security considerations, eg.

An intermediary could alter by chance or purpose a Content-Warning header. Implementors SHOULD validate the payload body to avoid that this results in:

  • processing an unexisting body
  • looking for warning attribute in a response with an unsuitable Content-Type
  • Not processing an actually present warning attribute in the payload.

ioggstream avatar Apr 08 '20 11:04 ioggstream