Should add "Content-Disposition" to response header?
nevermoe opened this issue · comments
It's better to add Content-Disposition: attachment; filename="api.json"
to response header in the case that some browsers had the vulnerability of nosniff
bypass. But for keeping this guideline simple, maybe this shouldn't be added. How do you think?