The Backend Engineering Show with Hussein Nasser

Episode 80 - MIME Sniffing



Any content served through HTTP “should” include metadata about its type. This is so the browser/client knows what to do with the content it receives. For example, if the content type header indicates an image, the browser will preview it; if it indicates HTML, it will render the markup and execute any JavaScript code.


The content type, however, is optional, and webmasters sometimes don’t set it, which leaves browsers wondering about the type of content they are consuming. So browsers had to implement parsing and “sniffing” techniques to detect the type of content when a content type header was not served.


However, this caused security problems and attacks that we explain in this video! So to prevent sniffing, web servers can return X-Content-Type-Options: nosniff, which tells browsers not to sniff the content.
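
The behaviour described above, as an added example that is not from the episode or its author: a simplified model of a client that guesses a type only when no Content-Type header is served, and stops guessing when the server sends X-Content-Type-Options: nosniff, plus a server-side header check. The byte signatures, the application/octet-stream fallback, the function names and the sample upload are assumptions made for illustration, not any browser's actual algorithm.

```javascript
// Added example: simplified model, not any browser's actual sniffing algorithm.
// The signature list, fallback type and sample upload are constructed.
const SIGNATURES = [
  { type: "image/png", magic: [0x89, 0x50, 0x4e, 0x47] },
  { type: "image/gif", magic: [0x47, 0x49, 0x46, 0x38] },
  { type: "application/pdf", magic: [0x25, 0x50, 0x44, 0x46] },
];
const HTML_PREFIXES = ["<!doctype html", "<html", "<script"];

// Guess a type from the first bytes of the body, as a sniffing client would.
function sniff(body) {
  for (const { type, magic } of SIGNATURES) {
    if (magic.every((b, i) => body[i] === b)) return type;
  }
  const head = String.fromCharCode(...body.slice(0, 64)).trimStart().toLowerCase();
  return HTML_PREFIXES.some((p) => head.startsWith(p)) ? "text/html" : null;
}

// Header names are case-insensitive, so normalize them before lookup.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Decide which type the modelled client acts on, and whether it had to guess.
function effectiveType(headers, body) {
  const h = normalize(headers);
  const declared = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const nosniff = (h["x-content-type-options"] || "").toLowerCase() === "nosniff";
  if (declared) return { type: declared, sniffed: false };
  if (nosniff) return { type: "application/octet-stream", sniffed: false };
  return { type: sniff(body) || "application/octet-stream", sniffed: true };
}

// Server-side check: list what a response is missing.
function audit(headers) {
  const h = normalize(headers);
  const findings = [];
  if (!h["content-type"]) findings.push("missing Content-Type");
  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff")
    findings.push("missing X-Content-Type-Options: nosniff");
  return findings;
}

// Constructed sample: an uploaded file whose bytes are markup, served untyped.
const upload = new TextEncoder().encode("<html><body>uploaded by a user</body></html>");
console.log(effectiveType({}, upload)); // type "text/html", sniffed true
console.log(effectiveType({ "X-Content-Type-Options": "nosniff" }, upload)); // octet-stream
```

In this model the untyped upload is treated as HTML purely because of its bytes, which is the case the nosniff header closes off.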



Media type: https://en.wikipedia.org/wiki/Media_type#Common_examples



Cheers!

Hussein Nasser
