UPDATE: Timelines in this post were updated in March 2020 and October 2020 to reflect the best available information. HTTPS traffic is encrypted and protected from snooping and modification by an underlying protocol called Transport Layer Security (TLS). Disabling outdated versions of the TLS security protocol will help move the web forward toward a moreContinue reading “Disabling TLS/1.0 and TLS/1.1 in the new Edge Browser”
Tag Archives: compatibility
bye: FTP Support Is Going Away
Support for the venerable FTP protocol is being removed from Chromium. Standardized in 1971, FTP is not a safe protocol for the modern internet. Its primary defect is lack of support for encryption (FTPS isn’t supported by any popular browsers), although poor support for authentication and other important features (download resumption, proxying) also have hamperedContinue reading “bye: FTP Support Is Going Away”
Improving Privacy by Limiting Referrers
Updated July 31, 2020 to reflect changes planned to ship in Chrome 85 and Edge 86. As your browser navigates from page to page, servers are informed of the URL from where you’ve come from using the Referer HTTP header1; the document.referrer DOM property reveals the same information to JavaScript. Similarly, as the browser downloads theContinue reading “Improving Privacy by Limiting Referrers”
Restrictions on File Urls
For security reasons, Edge 76+ and Chrome impose a number of restrictions on file:// URLs, including forbidding navigation to file:// URLs from non-file:// URLs. If a browser user clicks on a file:// link on an https-delivered webpage, nothing visibly happens. If you open the the Developer Tools console, you’ll see a note: “Not allowed to load local resource:Continue reading “Restrictions on File Urls”
Edge79+ vs. Edge18 vs. Chrome
Note: I expect to update this post over time. Last update: 12/10/2020. Compatibility Deltas As our new Edge Insider builds roll out to the public, we’re starting to triage reports of compatibility issues where Edge79+ (the new Chromium-based Edge, aka Anaheim) behaves differently than the old Edge (Edge18, aka Spartan, aka Edge Legacy) and/or GoogleContinue reading “Edge79+ vs. Edge18 vs. Chrome”
Script-Generated Download Files
As we finish up the next release of Windows 10, my team is hard at work triaging incoming bugs. Here’s a pattern that has come up a few times this month: Bug: I click download in Edge: …but I end up on an error page: Womp womp. If you watch the network traffic, you’ll seeContinue reading “Script-Generated Download Files”
TLS Fallbacks are Dead
Just over 5 years ago, I wrote a blog post titled “Misbehaving HTTPS Servers Impair TLS 1.1 and TLS 1.2.” In that post, I noted that enabling versions 1.1 and 1.2 of the TLS protocol in IE would cause some sites to load more slowly, or fail to load at all. Sites that failedContinue reading “TLS Fallbacks are Dead”