IIS and Web Servers
Fall 2020 Chromium (Edge & Chrome) Security changes in HTTP
Gravatar is a globally recognized avatar based on your email address. Fall 2020 Chromium (Edge & Chrome) Security changes in HTTP
  Jay van Santen
  All
  Mar 9, 2021 @ 12:33pm

Not quite sure if this fits in this Forum.

In some custom Javascript code on our WC site, an operation (Punchout Login) is failing due to deprecated HTTP programming. This is due to tightening up security issues with older language constructs.

These changes were announced back in the 2nd half of 2020 and will be a part of all Chrome-based browsers, which includes the latest version of Edge.

I'm not sufficiently familiar with WC to identify instances of deprecated HTTP. But, I was interested in how the framework has adapted, if needed, to these changes.

Here's a link to the changes as they appear in Edge.

Site compatibility-impacting changes coming to Microsoft Edge - Microsoft Edge Development | Microsoft Docs

https://docs.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes#:~:text=Site%20compatibility-impacting%20changes%20coming%20to%20Microsoft%20Edge%20,a%20su%20...%206%20more%20rows

Gravatar is a globally recognized avatar based on your email address. re: Fall 2020 Chromium (Edge & Chrome) Security changes in HTTP
  Jay van Santen
  Jay van Santen
  Mar 9, 2021 @ 12:56pm

Got a partial answer from another current thread to which Rick responded with a white paper: https://www.west-wind.com/wconnect/weblog/ShowEntry.blog?id=937

TLS 1.2 support is provided by the operating system and WC utilizes a wrapper to access that.

Interested in how WC has addressed the other issues noted in the links to Chrome/Edge security changes coming down the pike.

Gravatar is a globally recognized avatar based on your email address. re: Fall 2020 Chromium (Edge & Chrome) Security changes in HTTP
  Rick Strahl
  Jay van Santen
  Mar 9, 2021 @ 01:59pm

These aren't issues that directly need to be addressed by Web Connection, but by your application. Mostly this is concerning same site cookies.

In version 7 there have been changes to the default way that cookies are created for session cookies to follow the stricter guidelines. AFAIK, these are safe for same site cookie usage and work across all chromium browsers without warnings. Older applications need to update their cookie settings manually or update to a more recent version of Web Connection for automatic updates.

+++ Rick ---

© 1996-2021