Search Mailing List Archives
[liberationtech] Iran blocks MP3, MP4, AVI and SWF files
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Sat Oct 6 13:45:22 PDT 2012
On 10/6/12 10:36 PM, Collin Anderson wrote:
> File extension in URL requested, Content-Type or are they even finding
> their own Content-Type?
> You are correct, all that it took to trigger the blocking was a php
> file with the following:
> header("Content-Type: audio/mpeg");
> The server was adding the content-type header to the returned request
> because of the file extension.
Many modern browser have their own way to detect mime content type, what
is called "mime sniffing", regardless of what the server say:
* MSIE http://msdn.microsoft.com/en-us/library/ms775148%28v=vs.85%29.aspx
So maybe, just throwing away the Content-Type header from an HTTP
responses, could still allow the browser to identify/access the data,
while avoiding the Iranian filter to detect it?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech