October 1, 2020
Abuse: typeMustMatch, iframes, Content-Type, Status Code
Category: Historical
Defenses: Deprecation

Leaking the Content-Type of a request could offer an attacker a new way to distinguish two requests from each other.

typeMustMatch

typeMustMatch is a boolean that reflects the typeMustMatch attribute of the object element. It enforces a given MIME type when loading an object by verifying that the Content-Type of the resource is the same as the one provided in the object. Unfortunately, this enforcement would allow attackers to leak the Content-Type and Status Codes returned by a website 1 ...