On 09/04/18 07:25 PM, Francois Marier wrote:
> We intend to ship same-site cookies in Firefox 61.
This has now been uplifted and will be shipping in Firefox 60.
Status can be tracked on https://wiki.mozilla.org/Security/SameSiteCookies.
Franc
We intend to ship same-site cookies in Firefox 61. This new cookie
attribute allows sites to prevent cross-site requests from using those
cookies which provides a mechanism for web sites to protect themselves
against Cross-Site Request Forgery (CSRF) attacks.
Specification (cookies):
After a year's worth of development, bug fixes, and integration testing,
we are now ready to enable the latest version [1] of the Safe Browsing
API in Firefox 56, two releases ahead of schedule and only a few weeks
behind Chrome.
We do not expect any user-visible changes, but will be running an
The Safe Browsing service we rely on for protection against malware and
deceptive sites is migrating to a new version of the Safe Browsing
protocol. Version 4 will enable Google to quickly send the most relevant
list entries to clients (based on platform and locale for example) as
well as deal
On 15/04/16 03:58 AM, Tanvi Vyas wrote:
> So how about a preference that treats all cookies set in a third party
> context as session cookies. We could restrict this to HTTP, or even
> apply it to third party HTTPS cookies.
We seem to have this already: network.cookie.thirdparty.sessionOnly
On 30/12/14 09:40 PM, Francois Marier wrote:
> Summary: Allow web authors to add integrity checks to sub-resources.
>
> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=992096
>
> Spec: http://www.w3.org/TR/SRI/
>
> Platforms: all
>
> Estimated or target release:
On 21/05/15 07:01, David Rajchenbach-Teller wrote:
So is there something that ABP developers can do at the moment to
reimplement their code without CPOWs co? And is it documented anywhere
on MDN?
There's nothing like that at the moment, but I'd be happy to work with a
blocklist add-on
On 08/05/15 19:42, Frederik Braun wrote:
I thought that the APIs we brought into Firefox by implementing Tracking
Protection were supposed to provide a better (canonical?) way to hook
your own blocker into Firefox.
Yes, as long as they're willing to stand up a server [1] that serves
their
On 09/04/15 15:39, Seth Fowler wrote:
Sounds like yet another reason to build support and UI for this stuff
directly into the browser.
On that note, Bram from UX has some ideas about what it could look like:
https://wiki.mozilla.org/Security/Contextual_Identity_Project/User_Profiles
On 04/01/15 19:28, Philip Chee wrote:
To me, the default answer to whether we should keep supporting MinGW
is no, merely because it will require time and effort that will not
directly benefit our users as we do not use that compiler to release
Firefox. That is, without someone coming up with
On 31/12/14 19:00, Johnny Stenback wrote:
LGTM, what's the status wrt other browsers supporting this?
Chromium has implemented the same subset of the spec as us (which is
roughly what Level 1 is shaping up to be). It has already landed in
Canary, not sure when they plan on pushing it to the
On 31/12/14 19:09, L. David Baron wrote:
Spec: http://www.w3.org/TR/SRI/
The TR draft of that spec looks a bit out-of-date. Will you be
referring to the editor's draft, and tracking the progress in the
working group, or be in touch with others who are?
Yes, I'm working off of the editor's
On 31/12/14 21:42, Ms2ger wrote:
What's the testing story? Do we pass the web-platform tests
(https://github.com/w3c/web-platform-tests/tree/master/subresource-integrity)?
We do, except for one which relies on ambiguity in the spec and is
currently being discussed [1] in the working group. I
Summary: Allow web authors to add integrity checks to sub-resources.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=992096
Spec: http://www.w3.org/TR/SRI/
Platforms: all
Estimated or target release: Q1 of 2015
Preference behind which this will be implemented:
14 matches
Mail list logo