Html get content type

Properly configuring server MIME types

MIME types describe the media type of content, either in email, or served by web servers or web applications. They are intended to help provide a hint as to how the content should be processed and displayed.

• text/html for HTML documents.
• text/plain for plain text.
• text/css for Cascading Style Sheets.
• text/javascript for JavaScript files.
• text/markdown for Markdown files.
• application/octet-stream for binary files where user action is expected.

Server default configurations vary wildly and set different default MIME-type values for files with no defined content type.

Versions of the Apache Web Server before 2.2.7 were configured to report a MIME type of text/plain or application/octet-stream for unknown content types. Modern versions of Apache report none for files with unknown content types.

Nginx will report text/plain if you don’t define a default content type.

As new content types are invented or added to web servers, web administrators may fail to add the new MIME types to their web server’s configuration. This is a major source of problems for users of browsers that respect the MIME types reported by web servers and applications.

Why are correct MIME types important?

If a web server or application reports an incorrect MIME type for content (including a «default type» for unknown content), a web browser has no way of knowing the author’s intentions. This may cause unexpected behavior.

Some web browsers may try to guess the correct MIME type. This allows misconfigured web servers and applications to continue working for those browsers (but not other browsers that correctly implement the standard). Apart from violating the HTTP spec, this is a bad idea for a couple of other significant reasons:

If the browser ignores the reported MIME type, web administrators and authors no longer have control over how their content is to be processed.

For example, a website oriented for web developers might wish to send certain example HTML documents as either text/html or text/plain in order to have the documents either processed and displayed as HTML or as source code. If the browser guesses the MIME type, this option is no longer available to the author.

Some content types, such as executable programs, are inherently unsafe. For this reason, these MIME types are usually restricted in terms of what actions a web browser will take when given that type of content. An executable program should not be executed on the user’s computer and should at least cause a dialog to appear asking the user if they wish to download the file.

MIME type guessing has led to security exploits in Internet Explorer that were based upon a malicious author incorrectly reporting a MIME type of a dangerous file as a safe type. This bypassed the normal download dialog, resulting in Internet Explorer guessing that the content was an executable program and then running it on the user’s computer.

JavaScript legacy MIME types

When looking for information about JavaScript MIME types, you may see several MIME types that reference JavaScript. Some of these MIME types include:

• application/javascript
• application/ecmascript
• application/x-ecmascript
• application/x-javascript
• text/ecmascript
• text/javascript1.0
• text/javascript1.1
• text/javascript1.2
• text/javascript1.3
• text/javascript1.4
• text/javascript1.5
• text/x-ecmascript
• text/x-javascript

While browsers may support any, some, or all of these alternative MIME types, you should only use text/javascript to indicate the MIME type of JavaScript files.

Note: See MIME types (IANA media types) for more information.

How to determine the MIME type to set

There are several ways to determine the correct MIME type value to be used to serve your content.

• If your content was created using commercial software, read the vendor’s documentation to see what MIME types should be reported for the application.
• Look in IANA’s MIME Media Types registry, which contains information on all registered MIME types.
• Search for the file extension in FILExt or the File extensions reference to see what MIME types are associated with that extension. Pay close attention as the application may have multiple MIME types that differ by only one letter.

How to check the MIME type of received content

• In Firefox
  • Load the file and go to Tools > Page Info to get the content type for the page you accessed.
  • You can also go to Tools > Web Developer > Network and reload the page. The request tab gives you a list of all the resources the page loaded. Clicking on any resource will list all the information available, including the page’s Content-Type header.
  • Load the file and go to View > Developer > Developer Tools and choose the Network tab. Reload the page and select the resource you want to inspect. Under headers look for Content-Type and it will report the content type of the resource.
  • According to the standards, the element that specifies the MIME type should be ignored if there’s a Content-Type header available.

  IANA keeps a list of registered MIME Media Types. The HTTP specification defines a superset of MIME types, which is used to describe the media types used on the web.

  How to set up your server to send the correct MIME types

  The goal is to configure your server to send the correct Content-Type header for each document.

  • If you’re using the Apache web server, check the Media Types and Character Encodings section of Apache Configuration: .htaccess for examples of different document types and their corresponding MIME types.
  • If you’re using Nginx, note that Nginx does not have a .htaccess equivalent tool, so all changes will go into the main configuration file.
  • If you’re using a server-side script or framework to generate content, the way to indicate the content type will depend on the tool you’re using. Check the framework or library’s documentation.

  Regardless of what server system you use, the effect you need to achieve is to set a response header with the name Content-Type , followed by a colon and space, followed by a MIME type. High-level environments often allow such headers to be set when generating the page. For example, in a PHP environment, you could set the response header for PDF resources like this:

  header('Content-Type: application/pdf') 

  Trying to instead set it with just header(‘application/pdf’) won’t work.

  Related Links

  Found a content problem with this page?

  This page was last modified on Jul 3, 2023 by MDN contributors.

  Your blueprint for a better internet.

  Источник

  Content-Type

  Заголовок-сущность Content-Type используется для того, чтобы определить MIME тип ресурса.

  В ответах сервера заголовок Content-Type сообщает клиенту, какой будет тип передаваемого контента. В некоторых случаях браузеры пытаются сами определить MIME тип передаваемого контента, но их реакция может быть неадекватной. Чтобы предотвратить такие ситуации, вы можете установить в заголовке X-Content-Type-Options значение nosniff .

  В запросах (таких, как POST или PUT ), клиент сообщает серверу тип отправляемых данных.

  Тип заголовка	Entity header
  Forbidden header name	нет
  CORS-safelisted response-header	да

  Синтаксис

  Content-Type: text/html; charset=utf-8 Content-Type: multipart/form-data; boundary=something

  Директивы

  Директива boundary обязательна для составных сущностей. Она содержит от 1 до 70 символов (не должна заканчиваться пробелом), которые без искажений пройдут через шлюзы email и служит для корректной инкапсуляции всех частей составной сущности.

  Примеры

  Content-Type в HTML формах

  В POST запросе, сгенерированном в результате отправки HTML формы, Content-Type запроса определяется в атрибуте enctype тега .

  form action="/" method="post" enctype="multipart/form-data"> input type="text" name="description" value="some text"> input type="file" name="myFile"> button type="submit">Submitbutton> form> 

  Запрос в этом случае может выглядеть так (менее интересные заголовки опущены):

  POST /foo HTTP/1.1 Content-Length: 68137 Content-Type: multipart/form-data; boundary=---------------------------974767299852498929531610575 -----------------------------974767299852498929531610575 Content-Disposition: form-data; name="description" some text -----------------------------974767299852498929531610575 Content-Disposition: form-data; name="myFile"; filename="foo.txt" Content-Type: text/plain (content of the uploaded file foo.txt) -----------------------------974767299852498929531610575--

  Спецификации

  Спецификация	Заголовок
  RFC 7233, секция 4.1: Content-Type in multipart	Hypertext Transfer Protocol (HTTP/1.1): Range Requests
  RFC 7231, секция 3.1.1.5: Content-Type	Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

  Совместимость с браузерами

  BCD tables only load in the browser

  Смотрите также

  Found a content problem with this page?

  This page was last modified on 26 окт. 2022 г. by MDN contributors.

  Your blueprint for a better internet.

  Источник

  Content-Type

  Content-Type заголовок представления используется , чтобы указать исходный тип носителя ресурса (до любого кодирования контента применяется для отправки).

  В ответах заголовок Content-Type предоставляет клиенту фактический тип возвращаемого содержимого. Значение этого заголовка можно игнорировать, например, когда браузеры выполняют сниффинг MIME; установите для заголовка X-Content-Type-Options значение nosniff , чтобы предотвратить такое поведение.

  В запросах (таких как POST или PUT ) клиент сообщает серверу, какой тип данных фактически отправляется.

  Header type	Representation header
  Запрещенное имя заголовка	no
  Заголовок ответа с CORS-запретом	yes
  Заголовок запроса с CORS-защитой	да, с дополнительным ограничением, что значения не могут содержать байт заголовка запроса CORS-unsafe : 0x00-0x1F (кроме 0x09 (HT)), «():<>?@[\]<> и 0x7F (DEL) . Он также должен иметь MIME-тип его анализируемого значения (без учета параметров): application/x-www-form-urlencoded , multipart/form-data или text/plain .

  Syntax

  Content-Type: text/html; charset=UTF-8 Content-Type: multipart/form-data; boundary=something

  Directives

  Стандарт кодирования символов.

  Для составных объектов требуется boundary директива. Директива состоит из от 1 до 70 символов из набора символов (и не заканчивается пробелом), которые, как известно, очень надежны для шлюзов электронной почты. Он используется для инкапсуляции границ нескольких частей сообщения. Часто к границе заголовка добавляются два тире, а к последней границе добавляются два тире в конце.

  Examples

  Content-Type в HTML-формах

  В запросе POST , полученном в результате enctype HTML-формы, Content-Type запроса указывается атрибутом enctype в элементе .

  form action="/" method="post" enctype="multipart/form-data"> input type="text" name="description" value="some text" /> input type="file" name="myFile" /> button type="submit">Submit button> form> 

  Запрос выглядит примерно так (здесь опущены менее интересные заголовки):

  POST /foo HTTP/1.1 Content-Length: 68137 Content-Type: multipart/form-data; boundary=---------------------------974767299852498929531610575 -----------------------------974767299852498929531610575 Content-Disposition: form-data; name="description" some text -----------------------------974767299852498929531610575 Content-Disposition: form-data; name="myFile"; filename="foo.txt" Content-Type: text/plain (content of the uploaded file foo.txt) -----------------------------974767299852498929531610575-- 

  Specifications

  Источник