Tuesday, July 31, 2018

New comment by daxterspeed in "A new security header: Feature Policy"

I understand your sentiment but I do wonder what the extent would actually be. The largest website are more than capable of adapting, and older sites are more likely to either not use any JavaScript or only accept http traffic (which is already a lost cause). I suppose the ones would take the biggest hit would be the people running WordPress blogs with various (already insecure) site plugins.

Suppose if these security changes would slowly get imposed over all https traffic in a coordinated fashion among the major browser vendors over a large time span? https requires some periodic maintenance anyway, so it shouldn't add an unreasonable workload.

I worry that this isn't happening because the ad industry (including Google) doesn't want to take responsibility over distributing untrustworthy and insecure code.

from Hacker News: "WordPress" comments https://ift.tt/2Ov7Uju
via IFTTT

No comments:

Post a Comment

Show HN: rtrvr.ai – AI Web Agent for Automating Workflows and Data Extraction

Hey HN, I'm excited to share rtrvr.ai, a Chrome extension that brings the power of AI agents to your everyday web browsing. It's de...