Unexpectedly HTTPS?

While I’m a firm believer that every site should be using HTTPS, sadly, not every site is yet doing so. Looking at Chrome data, today around 92% of navigations are HTTPS: …and the pages loaded account for around 95% of browsing time: Browsers are working hard to get these numbers up, by locking down non-secureContinue reading “Unexpectedly HTTPS?”

Chromium Internals: PAK Files

Web browsers are made up of much more than the native code (mostly compiled C++) that makes up their .exe and .dll files. A significant portion of the browser’s functionality (and bulk) is what we’d call “resources”, which include things like: Images (at two resolutions, regular and “high-DPI”) Localized UI Strings HTML, JavaScript, and CSSContinue reading “Chromium Internals: PAK Files”

Chromium’s DNS Cache

From the mailbag: Q: How long does Chromium cache hostnames? I know a user can clear the hostname cache using the Clear host cache button on about://net-internals/#dns, but how long it will take for the cache to be removed if no manual action is taken? After changing DNS records on my server, nslookup from aContinue reading “Chromium’s DNS Cache”

The “Magical” Back Button

From the mailbag: Eric, when I am on bing.com in Edge or Chrome and I type https://portal.microsoft.com in the address bar, I go through some authentication redirections and end up on the Office website. If I then click the browser’s Back button, I go back to bing.com. But if I try the same thing inContinue reading “The “Magical” Back Button”

Edge/Chrome Policy Registry Entries

One of the more common problems reported by Enterprises is that certain Edge/Chrome policies do not seem to work properly when the values are written to the registry. For instance, when using the about:policy page to examine the browser’s view of the applied policy, the customer might complain that a policy value they’ve entered inContinue reading “Edge/Chrome Policy Registry Entries”

Smarter Defaults by Paying Attention

As a part of every page load, browsers have to make dozens, hundreds, or even thousands of decisions of varying levels of importance: should a particular API be available? Should a resource load be permitted? Should script be allowed to run? Should video be allowed to start playing automatically? Should cookies or credentials be sentContinue reading “Smarter Defaults by Paying Attention”

MHTML in Chromium

The MHTML file format (aka “Webpage, single file”) allows a single file to contain the multiple resources that are used to load a webpage (script, css, images, etc). Edge (Chromium) has code to provide limited support for MHTML, though it retains an option to use the format when saving the current page via Ctrl+S orContinue reading “MHTML in Chromium”

Adding Protocol Schemes to Chromium

Previously, I’ve written a lot about Application Protocols, which are a simple and popular common mechanism for browsers to send a short string of data out to an external application for handling. For instance, mailto is a common example of a scheme treated as an Application Protocol; if you invoke mailto:someone@somewhere.com, the browser will convertContinue reading “Adding Protocol Schemes to Chromium”

Recognizing Edge Windows

Yesterday, we had a customer reach out to us for help on an issue they’d encountered while writing code to interact with Microsoft Edge windows. Their script enumerated every window in the system, looking for those with Microsoft Edge in the titlebar. They were surprised to discover that the script didn’t recognize any of theirContinue reading “Recognizing Edge Windows”

Debug Native Messaging

Prelude Last month, an Enterprise customer reached out to report that a 3rd-party browser extension they use wasn’t working properly. Investigation of the extension revealed that the browser extension relied upon a NativeMessaging Host (NMH) companion that runs outside of the browser’s sandbox. In reviewing a Process Monitor log provided by the customer, the SupportContinue reading “Debug Native Messaging”