Capture Network Logs (NetLog) from Edge and Chrome (and Electron)

Problems in accessing websites can often be found and fixed if the network traffic between the browser and the website is captured as the problem occurs. This short post explains how to capture such logs. Capturing Network Traffic Logs If someone asked you to read this post, chances are good that you were asked toContinue reading “Capture Network Logs (NetLog) from Edge and Chrome (and Electron)”

The Pitfalls of EventSource over HTTP/1.1

While there are many different ways for servers to stream data to clients, the Server-sent Events / EventSource Interface is one of the simplest. Your code simply creates an EventSource and then subscribes to its onmessage callback: Implementing the server side is almost as simple: your handler just prefaces each piece of data it wantsContinue reading “The Pitfalls of EventSource over HTTP/1.1”

AppOrWeb-to-WebApp Communication: Custom Scheme Handlers

I’ve previously written about Web-to-App communication via Application Protocols. App Protocols allow web content to invoke a native application outside of the browser. WebApp advocates (like me!) want to continue to close the native/browser gaps that prevent web applications from becoming full-fledged replacements for native apps. To that end, I’ve recently spent some time lookingContinue reading “AppOrWeb-to-WebApp Communication: Custom Scheme Handlers”

Thoughts on DNS-over-HTTPS

Type https://example.com in your web browser’s address bar and hit enter. What happens? Before connecting to the example.com server, your browser must convert “example.com” to the network address at which that server is located. It does this lookup using a protocol called “DNS.” Today, most DNS transactions are conducted in plaintext (not encrypted) by sending UDP messagesContinue reading “Thoughts on DNS-over-HTTPS”

bye: FTP Support Is Going Away

Support for the venerable FTP protocol is being removed from Chromium. Standardized in 1971, FTP is not a safe protocol for the modern internet. Its primary defect is lack of support for encryption (FTPS isn’t supported by any popular browsers), although poor support for authentication and other important features (download resumption, proxying) also have hamperedContinue reading “bye: FTP Support Is Going Away”

Improving Privacy by Limiting Referrers

Updated July 31, 2020 to reflect changes planned to ship in Chrome 85 and Edge 86. As your browser navigates from page to page, servers are informed of the URL from where you’ve come from using the Referer HTTP header1; the document.referrer DOM property reveals the same information to JavaScript. Similarly, as the browser downloads theContinue reading “Improving Privacy by Limiting Referrers”

Restrictions on File Urls

For security reasons, Edge 76+ and Chrome impose a number of restrictions on file:// URLs, including forbidding navigation to file:// URLs from non-file:// URLs. If a browser user clicks on a file:// link on an https-delivered webpage, nothing visibly happens. If you open the the Developer Tools console, you’ll see a note: “Not allowed to load local resource:Continue reading “Restrictions on File Urls”

Same-Site Cookies By Default

The Chrome team is embarking on a clever and bold plan to change the recipe for cookies. It’s one of the most consequential changes to the web platform in almost a decade, but with any luck, users won’t notice anything has changed. But if you’re a web developer, you should start testing your sites andContinue reading “Same-Site Cookies By Default”

Aw, snap! What if Every Tab Crashes?

For a small number of users of Chromium-based browsers (including Chrome and the new Microsoft Edge) on Windows 10, after updating to 78.0.3875.0, every new tab crashes immediately when the browser starts. Impacted users can open as many new tabs as they like, but each will instantly crash: As of Chrome 81.0.3992, the page will showContinue reading “Aw, snap! What if Every Tab Crashes?”