On Thu, May 7, 2009 at 3:35 PM, Aaron Boodman <[email protected]> wrote: > I know that content sniffing is a very dirty business, but.... our crx > files have a very specific format, including a few signature bytes at > the very beginning. What if we supported both a content-type *and* did > content sniffing of downloaded ".crx" files?
I'm sure abarth will reply with the right thing to do :) Generally, the Content-Type restriction is to stop confusion in the case where sites accept uploads of files. If one sniffs the content-type then it might appear that an extension is from a trusted site when it's actually the case that the site just let someone random upload the file. If this is a concern, then we shouldn't accept an extension without the content-type or, maybe, if we content-sniff then we don't say "xyz.com wishes to install an extension", but "An unidentified party wishes to install an extension". > Thoughts? Also, for the content-type, we were thinking > "application/x-chrome-extension". Thoughts on that? That seems good. AGL --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
