MIME Sniffing

[H1rono]

In practice, resource owners do not always properly configure their origin server to provide the correct Content-Type for a given representation. Some user agents examine the content and, in certain cases, override the received type (for example, see [Sniffing]). This "MIME sniffing" risks drawing incorrect conclusions about the data, which might expose the user to additional security risks (e.g., "privilege escalation").

---

RFC 9110 - HTTP Semantics #Content-Type

• Content-Type - HTTP | MDN

やる必要があるのか？ないです

[H1rono]

https://developer.mozilla.org/ja/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_%E3%82%B9%E3%83%8B%E3%83%83%E3%83%95%E3%82%A3%E3%83%B3%E3%82%B0