It's better to add Content-Disposition: attachment; filename="api.json" to response header in the case that some browsers had the vulnerability of nosniff bypass. But for keeping this guideline simple, maybe this shouldn't be added. How do you think?
It's better to add
Content-Disposition: attachment; filename="api.json"to response header in the case that some browsers had the vulnerability ofnosniffbypass. But for keeping this guideline simple, maybe this shouldn't be added. How do you think?