[wp-trac] [WordPress Trac] #10671: Opt-out of content snuffing for admin ajax
WordPress Trac
wp-trac at lists.automattic.com
Fri Aug 21 22:27:39 UTC 2009
#10671: Opt-out of content snuffing for admin ajax
----------------------------+-----------------------------------------------
Reporter: niallkennedy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Unassigned
Component: Administration | Version:
Severity: normal | Keywords: ajax
----------------------------+-----------------------------------------------
Browsers such as Internet Explorer include a MIME-sniffing feature that
scans the beginning of a downloaded resource to determine the correct MIME
render mode regardless of the Content-Type header.
[http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v
-comprehensive-protection.aspx Internet Explorer 8] and
[http://src.chromium.org/viewvc/chrome?view=rev&revision=6985 Chromium]
allow page authors to opt-out of the sniff, asserting they don't need
content to pass through such a feature.
Adding a HTTP Header of "X-Content-Type-Options: nosniff" eliminates the
sniffing process, speeding up content rendering.
Opting-out of browser MIME sniff is especially beneficial on small Ajax
payloads. Starting with admin-ajax.php and index-extra.php from wp-admin
for that reason.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10671>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list