Download Blocking by File Type

I’ve previously spoken about the magic of the File Type Policies component — a mechanism that allows files to be classified by their level of “dangerousness”, such that harmless files (e.g. .txt files) can be downloaded freely, whilst potentially-dangerous files (e.g. .dll files) are subjected to a higher degree of vetting and a more security-consciousContinue reading “Download Blocking by File Type”

Web-to-App Communication: DirectInvoke

Note: This post is part of a series about Web-to-App Communication techniques. Background Typically, if you want your website to send a document to a client application, you simply send the file as a download. Your server indicates that a file should be treated as a download in one of a few simple ways: Specifying aContinue reading “Web-to-App Communication: DirectInvoke”

Demystifying ClickOnce

As we rebuild Microsoft Edge atop the Chromium open-source platform, we are working through various scenarios that behave differently in the new browser. In most cases, such scenarios also worked differently between 2018’s Edge Legacy (aka “Spartan”) and Chrome, but users either weren’t aware of the difference (because they used Trident-derived browsers inside their enterprise)Continue reading “Demystifying ClickOnce”

Script-Generated Download Files

As we finish up the next release of Windows 10, my team is hard at work triaging incoming bugs. Here’s a pattern that has come up a few times this month: Bug: I click download in Edge Legacy: …but I end up on an error page: Womp womp. If you watch the network traffic, you’llContinue reading “Script-Generated Download Files”