Letting attacker control content-type, why is this safe?
I found a strange behavior of Shopify, where an attacker can change the extension on a URL and the backend will send back an HTTP content-type matching that extension, for each of these extensions:
atom: application/atom+xml
bmp: image/bm…