Chrome Will Move Another Feature to HTTPS-only: The Presentation API
Features That Require Permissions Need To Use Secure Contexts
Google engineers have announced that the Presentation API will be disabled over insecure origins in Chrome 67, due for release around Q2 of 2018.
The Presentation API allows a device to display content on a second screen, such as a projector or TV. One of the more notable uses of the Presentation API is Google’s “Casting” feature available on Chrome, Android, and through the Chrome Cast device.
The Presentation API is either used through the Cast SDK, or directly in Chrome on its own. Both implementations of the Presentation API will be deprecated and disabled over HTTP and other unsecure protocols and origins. This means the Cast SDK will also require HTTPS or other secure methods.
HTTPS is the secure origin that comes to mind first, but Chrome also considers localhost, file://, chrome-extension://, and a few other origins to be secure.
In a 2016 interview with Wired, Parisa Tabriz, head of Chrome security, said that “Google wants web pages to be able to reach deeper into your computer’s resources, accessing the same sensitive information, like location and offline data, that apps routinely use.”
Google’s security team is making sure that Chrome uses that data safely. That is (part of the reason) why Chrome originally proposed Deprecating Powerful Features on Insecure Origins (and the same proposal for new features) with the goal of making sure any feature that can access particularly sensitive information does so over an authenticated, encrypted, and secure medium.
Chrome has already disabled geolocation on insecure origins and plans to do so with a number of other features including device orientation, AppCache, and more.
The proposed deprecation for the Presentation API will see a console warning added for insecure uses of the API in Chrome 61 (due to be released last week of July 2017) and disabled in version 67.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown