[liberationtech] Iran blocks MP3, MP4, AVI and SWF files
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Sat Oct 6 13:45:22 PDT 2012
On 10/6/12 10:36 PM, Collin Anderson wrote:
>
> File extension in URL requested, Content-Type or are they even finding
> their own Content-Type?
>
>
> You are correct, all that it took to trigger the blocking was a php
> file with the following:
>
> header("Content-Type: audio/mpeg");
>
> The server was adding the content-type header to the returned request
> because of the file extension.
Ok.
Many modern browser have their own way to detect mime content type, what
is called "mime sniffing", regardless of what the server say:
* MSIE http://msdn.microsoft.com/en-us/library/ms775148%28v=vs.85%29.aspx
* Mozilla
https://developer.mozilla.org/en-US/docs/How_Mozilla_determines_MIME_Types
* Chrome
http://neugierig.org/software/chromium/notes/2009/01/mime-sniffing.html
So maybe, just throwing away the Content-Type header from an HTTP
responses, could still allow the browser to identify/access the data,
while avoiding the Iranian filter to detect it?
-naif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121006/e7435968/attachment.html>
More information about the liberationtech
mailing list