Difference between revisions of "Trusted Browser"
From MgmtWiki
(→Problems) |
(→Solutions) |
Line 8: | Line 8: | ||
==Solutions== | ==Solutions== | ||
+ | *Same-site policy has been added and slowly enhanced to block cross-site scripting attacks (CSRF or XSRF) by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain. [https://caniuse.com/#feat=same-site-cookie-attribute This site] describes the varying impact that this policy has on users on the various browsers. | ||
+ | |||
The following proposals are being evaluated: | The following proposals are being evaluated: | ||
*New browser based on Blink | *New browser based on Blink |
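Review bot: the added Solutions bullet expands "CSRF or XSRF" as "cross-site scripting attacks", but CSRF is cross-site request forgery; cross-site scripting is XSS, a different class of attack that withholding a cookie on cross-site requests does not address. Suggest wording it as "block cross-site request forgery (CSRF or XSRF) attacks". The link text "This site" would also read better if it named what is linked, for example the browser support table for the same-site cookie attribute.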
Revision as of 15:35, 19 March 2019
Full Title or Meme
The best User Agent on an internet-connected device is a User Trusted Browser that works only in the user's best interests.
Context
Problems
- The User Agent string provided by the browser in the HTTP header is now used simply to tell the web server what sort of HTML the browser can process. It is routinely spoofed and has no security capability whatsoever.
- The makers of smartphone browsers are working to improve the security of the browser experience; details are shown in the following section.
Solutions
- Same-site policy has been added and slowly enhanced to block cross-site request forgery attacks (CSRF or XSRF) by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain. This site (https://caniuse.com/#feat=same-site-cookie-attribute) describes the varying impact that this policy has on users of the various browsers.
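The same-site decision described above, modelled as an added example that is not part of the wiki page: it derives the registrable domain of the initiating and target hosts and decides whether a cookie is attached. The `PUBLIC_SUFFIXES` set is a tiny constructed stand-in for the full Public Suffix List, the function names and sample hosts are hypothetical, and scheme comparison is left out.

```javascript
// Constructed stand-in for the Public Suffix List (assumption: browsers use the full list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// Registrable domain = longest matching public suffix plus one label to its left.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix: no registrable domain, never same-site
}

function isSameSite(initiatorUrl, targetUrl) {
  const a = registrableDomain(new URL(initiatorUrl).hostname);
  const b = registrableDomain(new URL(targetUrl).hostname);
  return a !== null && a === b;
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Hypothetical helper: would a cookie with this SameSite value ride on the request?
function cookieIsSent(sameSite, req) {
  if (isSameSite(req.initiator, req.target)) return true;
  switch (sameSite) {
    case "Strict": return false;
    case "Lax": return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    case "None": return true; // current browsers also require Secure; not modelled
    default: throw new Error("unknown SameSite value: " + sameSite);
  }
}

// Constructed sample requests against https://shop.example.com/transfer
const target = "https://shop.example.com/transfer";
const samples = [
  { name: "same-site form POST", initiator: "https://www.example.com/", method: "POST", topLevelNavigation: true },
  { name: "cross-site form POST", initiator: "https://forum.example.org/", method: "POST", topLevelNavigation: true },
  { name: "cross-site link click", initiator: "https://forum.example.org/", method: "GET", topLevelNavigation: true },
  { name: "cross-site <img> fetch", initiator: "https://forum.example.org/", method: "GET", topLevelNavigation: false },
];
for (const s of samples) {
  const row = ["Strict", "Lax", "None"].map(v => `${v}=${cookieIsSent(v, { ...s, target })}`);
  console.log(s.name.padEnd(24), row.join("  "));
}
```

The `github.io` entry shows why the comparison uses the registrable domain rather than the last two labels: two tenants under a shared public suffix are different sites.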
The following proposals are being evaluated:
- New browser based on Blink
- Align with some existing browser that wants to be considered the best
- Browser extension
- Read every img on the page to see if it should be considered a trustmark
- New element, tag on img (attribute or method)