As you surmise, I mean to say the *setting* should be enabled.  That is, content type determination should be *disabled* for all uploads.

On 03/20/2011 02:16 PM, Eric Shubert wrote:
> On 03/20/2011 01:11 AM, Joseph Sinclair wrote:
>>
>> There are tools to check your site and ensure everything is clean with extensions, metadata, etc...  Those should be used by everyone developing a website.
>> There are also settings to disable content-type-determination on uploads, and those should ALWAYS be enabled.
> 
> I'd like to be clear about this. Do you mean to say that the setting to disable content-type-determination should be enabled (which appears to be what you said), or that the content-type-determination setting should be enabled?
> 
>> It's OK to guess the content type of a file in the filesystem, but an HTTP PUT request is supposed to *tell* you the mime type, and if it doesn't then the sender simply cannot be trusted to put content to your site.
>>
>> Just my thoughts on the matter.
>>
>> ==Joseph++
>>
>