Secure contexts - Web security 编辑

A secure context is a Window or Worker for which certain minimum standards of authentication and confidentiality are met. Many Web APIs and features are accessible only in a secure context. The primary goal of secure contexts is to prevent MITM attackers from accessing powerful APIs that could further compromise the victim of an attack.

Why should some features be restricted?

Some APIs on the web are very powerful, giving an attacker the ability to do the following and more:

  • Invade a user's privacy.
  • Get low-level access to a user's computer.
  • Get access to data such as user credentials.

When is a context considered secure?

A context is considered secure when it meets certain minimum standards of authentication and confidentiality defined in the Secure Contexts specification. A particular document is considered to be in a secure context when it is the active document of a top-level browsing context (basically, a containing window or tab) that is a secure context.

For example, even for a document delivered over TLS within an <iframe>, its context is not considered secure if it has an ancestor that was not also delivered over TLS.

However, it’s important to note that if a non-secure context causes a new window to be created (with or without specifying noopener), then the fact that the opener was insecure has no effect on whether the new window is considered secure. That’s because the determination of whether or not a particular document is in a secure context is based only on considering it within the top-level browsing context with which it is associated — and not whether a non-secure context happened to be used to create it.

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and  http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

Note: Firefox 84 and later support http://localhost and http://*.localhost URLs as trustworthy origins (earlier versions did not, because localhost was not guaranteed to map to a local/loopback address).

Resources that are not local, to be considered secure, must meet the following criteria:

  • must be served over https:// or wss:// URLs
  • the security properties of the network channel used to deliver the resource must not be considered deprecated

Feature detection

Pages can use feature detection to check whether they are in a secure context or not by using the isSecureContext boolean, which is exposed on the global scope.

if (window.isSecureContext) {
  // Page is a secure context so service workers are now available
  navigator.serviceWorker.register("/offline-worker.js").then(function () {
    ...
  });
}

Specifications

SpecificationStatusComment
Secure ContextsCandidate RecommendationEditor’s Draft

See also

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:92 次

字数:5260

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文