Confirmed users
236
edits
SecurityEngineering/Newsletter: Difference between revisions
SecurityEngineering/Newsletter (view source)
Revision as of 08:40, 15 February 2017
, 15 February 2017→Content Security: add require-sri-for
(landed "Strict Secure Cookies") |
(→Content Security: add require-sri-for) |
||
| Line 39: | Line 39: | ||
* Content Security Policy | * Content Security Policy | ||
** “strict-dynamic” implemented in Firefox 52, new feature in CSP to aid developers in adoption and creation of effective policies | ** “strict-dynamic” implemented in Firefox 52, new feature in CSP to aid developers in adoption and creation of effective policies | ||
** "require-sri-for" directive, to enforce Subresource Integrity (SRI) through CSP | |||
* Sandbox Hardening | * Sandbox Hardening | ||
** Initial audit of Message Manager and IPDL protocols, work continuing in Q1 | ** Initial audit of Message Manager and IPDL protocols, work continuing in Q1 | ||