Deprecation

Download Bar

April 23, 2024

In Chromium-based browsers, when a file was downloaded, a preview of the download process appeared in a bar at the bottom, integrated into the browser window. By monitoring the window height, attackers could detect whether the “download bar” opened:

    // Read the current height of the window
    var screenHeight = window.innerHeight;
    // Load the page that may or may not trigger the download
    window.open('https://example.org');
    // Wait for the tab to load
    setTimeout(() => {
        // If the download bar appears, the height of all tabs will be smaller
        if (window. ...

Content-Type

October 1, 2020

Leaking the Content-Type of a request would provide attackers with a new way of distinguishing two requests from each other.

typeMustMatch

typeMustMatch is a Boolean that reflects the typeMustMatch attribute of the object element. It ensures that a certain MIME type is enforced when loading an object, by verifying that the Content-Type of the resource is the same as the one provided in the object. Unfortunately, this enforcement also allowed attackers to leak the Content-Type and status codes returned by a website [1]. ...