urn:uuid:8a5363d2-fbc6-5172-9d40-5a8dcfbb1be5 Topic: Hypertext – Ctrl blog Daniel Aleksandersen https://www.daniel.priv.no/ Copyright © 2021 Daniel Aleksandersen. https://www.ctrl.blog/assets/favicon/favicon.svg 2021-02-02T14:58:00Z weekly 10 urn:uuid:fd139d96-76ea-4280-9424-bd86526a7548 2021-02-02T14:58:00Z 2021-02-02T14:58:00Z Why Firefox for Android logs you out of everything all the time Firefox for Android “forgets” to send SameSite=Strict cookies to websites, causing them to log you out and forgot you ever visited them in the past. <p>I’ve been increasingly frustrated with Firefox for Android, my preferred mobile web browser. I’ve repeatedly had to re-login to some websites and had various problems with cookies since last year’s release of the new Firefox codenamed “Daylight.” Websites forget me between each visit and I get the “new visitor” experience every time. I finally worked out what’s going wrong.</p> <p><a href="https://www.ctrl.blog/entry/firefox-samesite-cookies-android.html#src=feed">Read more …</a></p> urn:uuid:bff9371d-fc07-43f8-be7d-288af99a6078 2020-11-30T22:43:00Z 2020-11-30T22:43:00Z Chrome to remove HTTP/2 Push Chrome intends to remove support for server push; an underutilized performance feature introduced in HTTP/2. It cites low usage and implementation complexity. <p>Chromium developers have announced that they plan to remove support for HTTP/2 server push from the market-leading browser engine. Server push lets web servers preemptively send clients resources it expects them to request later. The technique can reduce the number of network round-trips required before the client has all the resources it needs to display a page. The announcement cited high implementation complexity, low adoption among websites, and questionable performance gains as the reason for the removal.</p> <p><a href="https://www.ctrl.blog/entry/http2-push-chromium-deprecation.html#src=feed">Read more …</a></p> urn:uuid:7f3f2fb2-3f98-4cc1-a6aa-4ac8902d0ba8 2020-06-23T15:45:00Z 2020-11-23T14:46:00Z Promote your Onion site with the Onion-Location HTTP header Promote your Onion site with the <code translate=no>Onion-Location</code> <abbr title='HyperText Transfer Protocol'>HTTP</abbr> header A new HTTP header enables websites to redirect their visitors using the Tor Browser to their more secure Onion site. <p>The Tor Browser anonymizes web browsing using multi-hop network routing featuring layered encryption (the “Onion network”). You can picture it like that trope in action movies where they’re tracing a network intrusion back through multiple server locations scattered all over a world map. (Except that the reverse tracing isn’t a thing and the Onion network’s encryption prevents any meaningful interception.)</p> <p><a href="https://www.ctrl.blog/entry/tor-onion-location-header.html#src=feed">Read more …</a></p> urn:uuid:46da4787-40b2-40ce-ad56-22dfcbf00075 2019-06-12T05:23:00Z 2019-06-12T05:23:00Z Compressed favicons are 70% smaller but 75% are served uncompressed The majority of websites don’t compress their favicon files despite an impressive average file size reduction of over 70 %. <p>Conventional wisdom for performance optimization says that you should only enable HTTP content negotiated compression for plain text data formats and leave it off for binary data formats. Many binary image formats natively support compression so there would be little gained from compression them again. However, there are a number of exceptions to this rule and one of them is the ubiquitous <code>favicon.ico</code> file.</p> <p><a href="https://www.ctrl.blog/entry/favicon-compression.html#src=feed">Read more …</a></p> urn:uuid:efe87cab-949c-4612-8080-8564f2a7f08d 2019-03-08T06:48:00Z 2019-03-08T06:48:00Z Don’t rely on mod_negotiation to serve pre-compressed resources Don’t rely on <code translate=no>mod_negotiation</code> to serve pre-compressed resources Apache’s module for server-driven HTTP content negotiation isn’t suited to make decisions about which pre-compressed resource to serve. <p>The Apache HTTP Server (<code>httpd</code>) can handle server-driven negotiation for a request for static files and make an informed selection from several different file variants using special file extension patterns (such as <code>.gz</code>) using <code>mod_negotiation</code>. However, this module is unsuited to handle content negotiation for pre-compressed resources.</p> <p><a href="https://www.ctrl.blog/entry/mod_negotiation.html#src=feed">Read more …</a></p>