Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Microsoft Edge
Microsoft Edge Developers build info
Message
<blockquote data-quote="Lenny_Fox" data-source="post: 860022" data-attributes="member: 82776"><p>To deal with Meltdown and Spectre like attacks new cross origin API and data exchance protections are introduces by W3C to implement across browsers (see for instance <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)" target="_blank">CORP</a> and <a href="https://www.w3.org/TR/cors/" target="_blank">CORS</a>).</p><p></p><p>Probably these newer cross site protections don't combine well with the Windows OS enforced AppContainer rights restrictions. As a result Google is introducing the new Multi-origin trusted web activities (<a href="https://developers.google.com/web/updates/2020/01/twa-multi-origin" target="_blank">TWA</a>). Keep an eye on the flags, you will see more cross-origin or CORP or CORS experiments in future related to these new cross-site-origin mitigation policies.</p><p></p><p>After AppContainer for renderer was removed a new Site Permission (allow file edit access) was introduced. Microsoft Edge chromium does not have this Site Permission, but has this file access mitigation combined with ask save-as for downloads (small difference with Edge and Chrome, when this setting is enabled, Edge also blocks save-as web-pages and Chrome does not).</p><p></p><p>AppContainer restricted file access and had some capabilities (e.g. internet access) which could be set or limited on demand. It looks that the new File Edit site permission has replaced the most important access right restriction of AppContainer.</p><p></p><p>The future is bright in terms of security <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite110" alt=";)" title="Wink ;)" loading="lazy" data-shortname=";)" /> (privacy is a different ball game <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite132" alt=":unsure:" title="Unsure :unsure:" loading="lazy" data-shortname=":unsure:" />)</p></blockquote><p></p>
[QUOTE="Lenny_Fox, post: 860022, member: 82776"] To deal with Meltdown and Spectre like attacks new cross origin API and data exchance protections are introduces by W3C to implement across browsers (see for instance [URL='https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)']CORP[/URL] and [URL='https://www.w3.org/TR/cors/']CORS[/URL]). Probably these newer cross site protections don't combine well with the Windows OS enforced AppContainer rights restrictions. As a result Google is introducing the new Multi-origin trusted web activities ([URL='https://developers.google.com/web/updates/2020/01/twa-multi-origin']TWA[/URL]). Keep an eye on the flags, you will see more cross-origin or CORP or CORS experiments in future related to these new cross-site-origin mitigation policies. After AppContainer for renderer was removed a new Site Permission (allow file edit access) was introduced. Microsoft Edge chromium does not have this Site Permission, but has this file access mitigation combined with ask save-as for downloads (small difference with Edge and Chrome, when this setting is enabled, Edge also blocks save-as web-pages and Chrome does not). AppContainer restricted file access and had some capabilities (e.g. internet access) which could be set or limited on demand. It looks that the new File Edit site permission has replaced the most important access right restriction of AppContainer. The future is bright in terms of security ;) (privacy is a different ball game :unsure:) [/QUOTE]
Insert quotes…
Verification
Post reply
Top
