Web-to-App Communication: DirectInvoke

Note: This post is part of a series about Web-to-App Communication techniques. Background Typically, if you want your website to send a document to a client application, you simply send the file as a download. Your server indicates that a file should be treated as a download in one of a few simple ways: Specifying a…

Demystifying ClickOnce

As we rebuild Microsoft Edge atop the Chromium open-source platform, we are working through various scenarios that behave differently in the new browser. In most cases, such scenarios also worked differently between 2018’s Edge Legacy (aka “Spartan”) and Chrome, but users either weren’t aware of the difference (because they used Trident-derived browsers inside their enterprise)…

Be skeptical of client-reported MIME Content-Types

Over the 14 years that I’ve been working on browsers and the web platform, I’ve seen a lot of bugs where the client’s configuration causes a problem with a website. By default, Windows maintains File Extension to Content Type and Content Type to File Extension mappings in the registry. You can find the former mappings in…

Content-Types Matter More Than You Think

Every non-empty response from a web server should contain a Content-Type response header that declares the type of content contained in the response. This declaration helps the browser understand how to process the response and can help prevent a number of serious security vulnerabilities. Setting this header properly is more important than ever. The Old Days…