On 10/6/12 10:36 PM, Collin Anderson wrote:
>
> File extension in URL requested, Content-Type or are they even finding
> their own Content-Type?
>
>
> You are correct, all that it took to trigger the blocking was a php
> file with the following:
>
> header("Content-Type: audio/mpeg");
>
> The server was adding the content-type header to the returned request
> because of the file extension.
Ok.
Many modern browser have their own way to detect mime content type, what
is called "mime sniffing", regardless of what the server say:
* MSIE http://msdn.microsoft.com/en-us/library/ms775148%28v=vs.85%29.aspx
* Mozilla
https://developer.mozilla.org/en-US/docs/How_Mozilla_determines_MIME_Types
* Chrome
http://neugierig.org/software/chromium/notes/2009/01/mime-sniffing.html
So maybe, just throwing away the Content-Type header from an HTTP
responses, could still allow the browser to identify/access the data,
while avoiding the Iranian filter to detect it?
-naif
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
