Mark Nottingham

icon indicating a website link https://www.mnot.net/

icon location Melbourne, Australia icon location I work on the Internet.

Results 245 issues of Mark Nottingham

HTTPS-specific checks

7 comment

RED should support HTTPS URLs as well. This means changes in nbhttp as well as some modification of the caching logic.

enhancement

Flag sniffable responses

If a response has a non-HTML media type and no no sniff header, we should raise a security warning. http://mimesniff.spec.whatwg.org/

message

Check headers on 206

3 comment

message

Warn on oversized values

1 comment

E.g., URIs, header blocks, header lines, Expires, max-age, etc. http://blogs.msdn.com/b/ieinternals/archive/2010/01/26/use-max-age-values-less-than-maxint.aspx

message

Detect Content-Length and Transfer-Encoding Conflict

1 comment

message

Detect multiple content-length headers

7 comment

... including duplicates (warn)

message

Non-GET requests, request bodies

enhancement
ui

Show estimated request sizes

Based upon common implementations (list all browsers?), configurations, plus request URI, referer, cookies.

enhancement

Flag weak etag

subreq.py

message

Flag lack of a validator

i.e., no etag or lm

message