In general, you should not care what Operating System visitors are using to visit your website. If you attempt to be clever, you will often get it wrong and cause problems that are an annoyance for users and a hassle for me to debug. So avoid trying to be nosy/clever if at all possible. ThatContinue reading “Determining OS Platform Version”
Author Archives: ericlaw
Inspecting Certificates in Edge
Curious about how to see a website’s HTTPS certificate in Microsoft Edge? You’ve got two options: A companion post to 2017’s post Inspecting Certificates in Chrome.
Leaky Abstractions
In the late 1990s, the Windows Shell and Internet Explorer teams introduced a bunch of brilliant and intricate designs that allowed extension of the shell and the browser to handle scenarios beyond what those built by Microsoft itself. For instance, Internet Explorer supported the notion of pluggable protocols (“What if some protocol, say, FTPS, becomesContinue reading “Leaky Abstractions”
Offline NetLog Viewing
A while back, I explained how you can use Telerik Fiddler or the Catapult NetLog Viewer to analyze a network log captured from Microsoft Edge, Google Chrome, or another Chromium or Electron-based application. While Fiddler is a native app that runs locally, the Catapult NetLog Viewer is a JavaScript application that runs in your browser.Continue reading “Offline NetLog Viewing”
Download Blocking by File Type
I’ve previously spoken about the magic of the File Type Policies component — a mechanism that allows files to be classified by their level of “dangerousness”, such that harmless files (e.g. .txt files) can be downloaded freely, whilst potentially-dangerous files (e.g. .dll files) are subjected to a higher degree of vetting and a more security-consciousContinue reading “Download Blocking by File Type”
Per-Site Permissions in Edge
Last year, I wrote about how the new Microsoft Edge browser mostly ignores Security Zones (except in very rare circumstances) to configure security and permissions decisions. Instead, in Chromium per-site permissions are controlled by settings and policies expressed using a simple syntax with limited wildcarding support. Settings Page’s Site Permissions and Group Policy Internet ExplorerContinue reading “Per-Site Permissions in Edge”
Specifying Per-Site Policy with Chromium’s URL Filter Format
Chromium-based browsers like Microsoft Edge make very limited use of Windows Security Zones. Instead, most permissions and features that offer administrators per-site configuration via policy rely on lists of rules in the URL Filter Format. Filters are expressed in a syntax that is similar to other matching rules, but different enough to cause confusion. ForContinue reading “Specifying Per-Site Policy with Chromium’s URL Filter Format”
Web Proxy Authentication
Last year, I wrote about how the new Microsoft Edge’s adoption of the Chromium stack changed proxy determination away from the Windows Service (WinHTTP Proxy Service) to similar but not identical code in Chromium. This change mostly goes unnoticed, but it can have performance and functionality implications. In today’s post, I want to explore anotherContinue reading “Web Proxy Authentication”
window.close() Restrictions
Sometimes, Web Developers are surprised to find that the window.close() API doesn’t always close the browser window. When looking at the Developer Tools console, they’ll see a message like: Scripts may close only the windows that were opened by them. Why Do Browsers Limit close()? Before we dive into what factors govern what happens whenContinue reading “window.close() Restrictions”
Sandboxing vs. Elevated Browsing (As Administrator)
The Web Browser is the most security-critical application on most users’ systems– it accepts untrusted input from servers anywhere in the world, parses that input using dozens to hundreds of parsers, and renders the result locally as fast as it can. For performance reasons, almost all code in almost all browsers is written in memory-unsafeContinue reading “Sandboxing vs. Elevated Browsing (As Administrator)”
