Disabling TLS/1.0 and TLS/1.1 in the new Edge Browser

UPDATE: Timelines in this post were updated in March 2020 and October 2020 to reflect the best available information. HTTPS traffic is encrypted and protected from snooping and modification by an underlying protocol called Transport Layer Security (TLS). Disabling outdated versions of the TLS security protocol will help move the web forward toward a moreContinue reading “Disabling TLS/1.0 and TLS/1.1 in the new Edge Browser”

bye: FTP Support Is Going Away

Support for the venerable FTP protocol is being removed from Chromium. Standardized in 1971, FTP is not a safe protocol for the modern internet. Its primary defect is lack of support for encryption (FTPS isn’t supported by any popular browsers), although poor support for authentication and other important features (download resumption, proxying) also have hamperedContinue reading “bye: FTP Support Is Going Away”

Improving Privacy by Limiting Referrers

Updated July 31, 2020 to reflect changes planned to ship in Chrome 85 and Edge 86. As your browser navigates from page to page, servers are informed of the URL from where you’ve come from using the Referer HTTP header1; the document.referrer DOM property reveals the same information to JavaScript. Similarly, as the browser downloads theContinue reading “Improving Privacy by Limiting Referrers”

Restrictions on File Urls

For security reasons, Edge 76+ and Chrome impose a number of restrictions on file:// URLs, including forbidding navigation to file:// URLs from non-file:// URLs. If a browser user clicks on a file:// link on an https-delivered webpage, nothing visibly happens. If you open the the Developer Tools console, you’ll see a note: “Not allowed to load local resource:Continue reading “Restrictions on File Urls”

Edge79+ vs. Edge18 vs. Chrome

Note: I expect to update this post over time. Last update: 12/10/2020. Compatibility Deltas As our new Edge Insider builds roll out to the public, we’re starting to triage reports of compatibility issues where Edge79+ (the new Chromium-based Edge, aka Anaheim) behaves differently than the old Edge (Edge18, aka Spartan, aka Edge Legacy) and/or GoogleContinue reading “Edge79+ vs. Edge18 vs. Chrome”

Script-Generated Download Files

As we finish up the next release of Windows 10, my team is hard at work triaging incoming bugs. Here’s a pattern that has come up a few times this month: Bug: I click download in Edge: …but I end up on an error page: Womp womp. If you watch the network traffic, you’ll seeContinue reading “Script-Generated Download Files”