
This is a category of problems that can arise when "handover" between different application layers hasn't been tightened. Example: a web application is responsible for generating content, but the web server is responsible for delivering it over the network. The web application does, of course, know what resources it owns, but the web server might set/override the MIME type based on other criteria than the web application. That class of problems is more common than it seems, i.e., in the "advanced web security topics" post I talk about how different interpretations of HTTP by proxies and servers lead to HTTP injection vulnerabilities.
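
An added example, not part of the comment above: a minimal in-process WSGI sketch of the MIME handover it describes, with a delivery layer that re-derives the type from the URL extension next to one that treats the application's declared type as authoritative. The names `app`, `extension_override`, `strict_handover` and `fetch`, the path, and the sample body are all hypothetical and constructed for illustration.

```python
import mimetypes

BODY = b"<b>constructed user upload</b>"  # constructed sample content


def app(environ, start_response):
    """Application layer: owns the resource and declares it as inert text."""
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [BODY]


def extension_override(inner):
    """Delivery layer, loose handover: re-derives the MIME type from the URL path."""
    def wrapped(environ, start_response):
        guessed, _ = mimetypes.guess_type(environ.get("PATH_INFO", ""))

        def sr(status, headers, exc_info=None):
            if guessed:  # the application's declaration is silently replaced
                headers = [(k, v) for k, v in headers if k.lower() != "content-type"]
                headers.append(("Content-Type", guessed))
            return start_response(status, headers, exc_info)
        return inner(environ, sr)
    return wrapped


def strict_handover(inner):
    """Delivery layer, tightened: the application's type wins; sniffing is disabled."""
    def wrapped(environ, start_response):
        def sr(status, headers, exc_info=None):
            names = {k.lower() for k, _ in headers}
            if "content-type" not in names:  # fail closed to a non-renderable type
                headers = headers + [("Content-Type", "application/octet-stream")]
            if "x-content-type-options" not in names:
                headers = headers + [("X-Content-Type-Options", "nosniff")]
            return start_response(status, headers, exc_info)
        return inner(environ, sr)
    return wrapped


def fetch(wsgi_app, path):
    """Call a WSGI app in-process and return its response headers (lower-cased keys)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})
    b"".join(wsgi_app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured


if __name__ == "__main__":
    for layer in (extension_override, strict_handover):
        print(layer.__name__, fetch(layer(app), "/uploads/note.html"))
```
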

