![]() These caches are owned by and dedicated to a single user, implemented in their web browser. Some are controlled by the server, some by the user, and some by intermediaries. Some caches are dedicated to a single user, some to multiple users. There are often multiple layers of cache. Resources are cached by the browser only # Common misconceptions about HTTP caches # 1. The attacker can then read the personalized resource using a Spectre attack.Īlthough a web browser's HTTP cache doesn't allow this type of attack to happen in practice, additional caches exist outside of the browser's immediate control.However, a cache may return the credentialled response instead. COEP:credentialless is set by the browser, so the resource is fetched without cookies.The attacker requests the resource again.The attacker loads a cross-origin isolated page.If the Cache-Control header isn't properly set, an attacker could execute an attack. However, it ensures cross-origin resources are not valuable to the attacker (when loaded by the browser as public resource) or allowed to be shared with the attacker (when shared with CORP: cross-origin). The COEP setup doesn't prevent an attacker from exploiting Spectre. Resources explicitly allowed to be shared cross-origin, via CORS or the CORP header.Public resources, requested without cookies.This ensures cross-origin resources are either: Modern web browsers enforce Cross-Origin Embedder Policy (COEP). As a consequence, modern web browsers have restricted usage of some of their features-such as SharedArrayBuffer or high resolution timer-to pages with cross-origin isolation. This means an attacker can gain unauthorized access to cross-origin data. The Spectre vulnerability allows a page to read an OS process's memory. Recommended actions for high-value websites Cache-related security and privacy risks # Leaky resources from Spectre vulnerabilities #.Different types of HTTP caches and common misconceptions.Security and privacy problems you might be unaware of.Read on to learn why this matters and discover: If the response varies due to cookies-which can happen when the cookie stores credentials-set Vary: Cookie. Set an appropriate secondary cache key.Prevent intermediaries from caching the resource.Not using or misusing the Cache-Control header might negatively impact the security of your website and your users' privacy.įor personalized responses you want to keep private, we recommend you either: ![]() Take these recommended actions for your websiteīy default, resources are always allowed to be cached by any type of cache.SSL prevents intermediaries from caching HTTPS resources Common misconceptions about HTTP caches.Leaky resources from Spectre vulnerabilities.Cache-related security and privacy risks.
0 Comments
Leave a Reply. |