CSC/ECE 517 Fall 2016/M1654. Improve network security features: Difference between revisions
(Added intro about Referrer Policy)
(Added information about Strict Origin referrer Policy and Strict origin when Cross origin referrer policy)
Revision as of 21:36, 28 October 2016
M1654: Improve network security features for Servo (cookies and strict referrer policies)
Servo supports standard HTTP cookies and parts of the Referrer-Policy web standard. The project aims to increase the security available to Servo browser users by implementing secure standards and completing the missing parts of the existing implementations. The project involves adding "strict" versions of existing referrer policies.
Introduction
Rust
Rust is a systems programming language developed and maintained by Mozilla. It is a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs, including but not restricted to embedding into other languages, creating modular and optimized programs that adhere to space-time constraints, and writing low-level code such as device drivers.
Servo
Servo is a modern, high-performance browser engine written in Rust and designed for both application and embedded use. It was created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.
Referrer Policy
Referrer is an HTTP header field which contains the URL of the source that requested the web page. The Referrer-Policy dictates the algorithm used to generate the Referrer header when a new web page is requested.
Project Description
The project entails adding improved network security features to the Servo engine by supplementing the existing referrer policies with the 'strict origin' and 'strict origin when cross origin' policies.
Referrer Policies added in this project
Strict Origin
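The Strict Origin referrer policy (https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin) dictates that the Referrer in the HTTP header is always filled with the stripped URL of the origin and not the complete URL.
Strict Origin When Cross Origin
The Strict Origin When Cross Origin referrer policy (https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin) dictates that the Referrer in the HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin, and that the complete URL is sent when making same origin (https://en.wikipedia.org/wiki/Same-origin_policy) requests.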
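The two policies can be compared side by side in a small Rust sketch. This is an added example, not Servo's code or code from the project; the names Policy, parts and referrer and the example URLs are assumptions made for illustration. It also covers the case that makes these policies "strict" in the linked W3C specification: no referrer at all is sent when an HTTPS page requests a non-HTTPS URL.

```rust
// Added illustration, not Servo's implementation. All names are hypothetical.
#[derive(Clone, Copy)]
pub enum Policy { StrictOrigin, StrictOriginWhenCrossOrigin }

/// Split "scheme://host[:port]/..." into (scheme, origin). Simplified: no
/// userinfo, default-port or case normalisation, unlike a real URL parser.
fn parts(url: &str) -> Option<(&str, &str)> {
    let sep = url.find("://")?;
    let rest = &url[sep + 3..];
    let end = rest.find(|c: char| c == '/' || c == '?' || c == '#').unwrap_or(rest.len());
    Some((&url[..sep], &url[..sep + 3 + end]))
}

/// Value for the Referer request header, or None when no referrer is sent
/// (also returned here when either URL cannot be parsed).
pub fn referrer(policy: Policy, from: &str, to: &str) -> Option<String> {
    let (from_scheme, from_origin) = parts(from)?;
    let (to_scheme, to_origin) = parts(to)?;
    // Same-origin requests keep the full URL (minus fragment) under
    // strict-origin-when-cross-origin only.
    if from_origin == to_origin && matches!(policy, Policy::StrictOriginWhenCrossOrigin) {
        return Some(from.split('#').next().unwrap_or(from).to_string());
    }
    // The "strict" part: an HTTPS page sends nothing to a non-HTTPS target.
    // Assumption: "https" stands in for the spec's "potentially trustworthy URL".
    if from_scheme == "https" && to_scheme != "https" {
        return None;
    }
    // Otherwise only the origin is disclosed; path and query are stripped.
    Some(format!("{}/", from_origin))
}

fn main() {
    let page = "https://shop.example/cart?session=abc123#pay"; // constructed URL
    for to in ["https://shop.example/pay", "https://cdn.example/a.js", "http://cdn.example/a.js"] {
        println!("{:<26} strict-origin={:?} when-cross-origin={:?}", to,
            referrer(Policy::StrictOrigin, page, to),
            referrer(Policy::StrictOriginWhenCrossOrigin, page, to));
    }
}
```

Under either policy the session identifier in the query string never reaches a third-party origin, which is the privacy benefit of stripping the referrer down to the origin.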