2 Browser security
This chapter covers
- How a web browser protects its users
- How to set HTTP response headers to lock down where your web application can load resources from and what actions JavaScript can perform
- How the browser manages network and disk access
- How cookies are secured by the browser
- How browsers can inadvertently leak history information
In his 1970 textbook States of Matter, the science writer David L. Goodstein starts out with the following ominous introduction:
Ludwig Boltzmann, who spent most of his life studying statistical mechanics, died in 1906, by his own hand. Paul Ehrenfest, carrying on the work, died similarly in 1933. Now it is our turn to study statistical mechanics.
We will probably never know why Goodstein strikes up such a depressing note (and we can only hope he was feeling more cheerful by the end of the book!). Nevertheless, we can relate to the sense of trepidation when cracking open a textbook and immediately diving into abstract principles. So, I will warn you upfront: the next four chapters of this book deal with the principles of web security.