Open
Description
Files served with Content-Disposition: inline create a serious security issue when any form of authentication in the browser gets implemented. For example, an HTML file can run JavaScript on the same origin as the API endpoints and make use of the user's credentials. We can't be sure that only files with Content-Type: text/html create that issue, as it is not standardized to my knowledge and depends on browser implementation.
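One way to address this on the serving side, as an added example that is not part of the original issue or the project's code: choose response headers from an allowlist of types rather than blocking only text/html, and default everything else to a download. `download_headers` and `INLINE_SAFE_TYPES` are hypothetical names, and the allowlist contents and sample inputs are assumptions.

```python
from urllib.parse import quote

# Assumption: the only types this service agrees to render inline.
# Anything not listed (text/html, image/svg+xml, unknown types, ...)
# is served as a download instead of being rendered on the API origin.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}


def download_headers(filename: str, declared_type: str) -> dict:
    """Build response headers for a stored file (hypothetical helper)."""
    # Normalise e.g. "Text/HTML; charset=utf-8" to "text/html".
    media_type = declared_type.split(";", 1)[0].strip().lower()
    inline_ok = media_type in INLINE_SAFE_TYPES
    if not inline_ok:
        # Do not echo an untrusted type back to the browser.
        media_type = "application/octet-stream"
    # Keep only the base name and percent-encode it (RFC 6266 filename*),
    # which also neutralises CR/LF and quote characters in the header.
    encoded = quote(filename.rsplit("/", 1)[-1], safe="")
    disposition = "inline" if inline_ok else "attachment"
    return {
        "Content-Type": media_type,
        "Content-Disposition": f"{disposition}; filename*=UTF-8''{encoded}",
        # Stop the browser from sniffing the body into another type.
        "X-Content-Type-Options": "nosniff",
        # If the file is rendered anyway, it gets an opaque origin
        # and may not run scripts or load subresources.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the project.
    samples = [
        ("report.html", "Text/HTML; charset=utf-8"),
        ("logo.svg", "image/svg+xml"),
        ("photo.png", "image/png"),
        ("a\r\nX-Injected: 1.png", "image/png"),
    ]
    for name, ctype in samples:
        print(repr(name), download_headers(name, ctype))
```

Serving uploaded files from a separate origin that carries no credentials removes the same-origin access entirely; the headers above are the fallback when files must stay on the API origin.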