はてなブックマーク

There's been a lot of concern recently about the Web Environment Integrity proposal, developed by a selection of authors from Google, and apparently being prototyped in Chromium. There's good reason for anger here (though I'm not sure yelling at people on GitHub is necessarily the best outlet). This proposal amounts to attestation on the web, limiting access to features or entire sites based on wh

Certificate transparency is superb improvement to HTTPS certificate security on the web that's great for users and businesses, but on Android it creates a huge problem for the many developer tools like HTTP Toolkit which install trusted system certificates into Android to intercept & debug app traffic. This doesn't appear in the main announcements anywhere, but buried deep in the enterprise releas

If you run any large public-facing website or web application on the modern web, caching your static content in a CDN or other caching service is super important. It's also remarkably complicated and confusing. Fortunately, the HTTP working group at the Internet Engineering Task Force (IETF) is working to define new HTTP standards to make this better. There's been a lot of work here recently to la

There's been a lot of discussion recently about how "Safari is the new IE" (1, 2, 3, 4, 5). I don't want to rehash the basics of that, but I have seen some interesting rebuttals, most commonly: Safari is actually protecting the web, by resisting adding unnecessary and experimental features that create security/privacy/bloat problems. That is worth further discussion, because it's widespread, and w

HTTP(S) is the glue that binds together modern architectures, passing requests between microservices and connecting web & mobile apps alike to the APIs they depend on. What if you could embed scripts directly into that glue? By doing so, you could: Inject errors, timeouts and unusual responses to test system reliability. Record & report traffic from all clients for later analysis. Redirect request

Nothing is ever finished or perfect, and HTTP is no exception. HTTP QUERY is a new HTTP method, for safe requests that include a request body. It's still early & evolving, but it was recently adopted as an IETF draft standard, and it's going to add some great new tools for HTTP development everywhere. What does that mean, why do we need a new HTTP method, how would HTTP QUERY work? Update: This po

Will it CORS?Cross-Origin Resource Sharing (CORS) is how browsers decide how web applications can communicate with other services. Restricting this is important for security, but it's hard to understand how CORS works, which means sending HTTP requests to APIs can be difficult & confusing. Tell this magic CORS machine what you want, and it'll tell you exactly what to do!

The TypeScript 3.7 release is coming soon, and it's going to be a big one. The target release date is November 5th, and there's some seriously exciting headline features included: Assert signatures Recursive type aliases Top-level await Null coalescing Optional chaining Personally, I'm super excited about this, they're going to whisk away all sorts of annoyances that I've been fighting in TypeScri

On mobile? Send a link to your computer to download HTTP Toolkit there: