I’ve written about Same Origin Policy a bunch over the years, with a blog series mapping it to the Read/Write/Execute mental model. More recently, I wrote about why Content-Type headers matter for same-origin-policy enforcement. I’ve just read a great paper on cross-origin infoleaks and current/future mitigations. If you’re interested in browser security, it’s definitely worth a read.
Tag Archives: standards
Building the moarTLS Analyzer
HTTP Caching Public Service Announcement
There are many interesting things to say about HTTP caching. I’ve blogged about them a lot in the past. Today’s public service announcement aims to clear up two extremely common misconceptions: 1. The no-cache directive does not mean “do not cache” (even though IE versions prior to IE10 implemented it that way). What it really means
History

The new UI of Internet Explorer 7 included a dedicated search box adjacent to the address bar, like the then-new Firefox. As IE7 was built between 2004 and 2006, Microsoft didn’t have a very credible entry into the search engine market—Bing wouldn’t appear until 2009. The IE team made a wise decision in support