Chapter 10, Keeping Data Private, is now available! This chapter adds cookies, and with them the possibility of personalized web applications. That brings with it a host of security concerns.
I first drafted this chapter in a rush, during a conference, with a focus on how web applications can address cross-site scripting and request forgery. But recently browsers have started implementing powerful browser-side policy tools to improve web application security, and we rewrote the chapter to focus on those tools. After all, it’s a book about web browsers.
As a result, this is the most “modern” chapter in the book so far, focusing on recent developments like SameSite cookies, though of course classic issues like XMLHttpRequest and the same-origin policy also appear. It’s a bit scary to write about in-progress technologies—we don’t want our book to become obsolete—but it’s also exciting to give readers a taste of something happening now.
This chapter is also the last chapter in Part 3, and with that milestone reached we’ll be slowing the pace of new chapters. The first three parts sketch the major browser components, and in Part 4 we want to add depth, focusing on what makes modern browsers fast. Those chapters are more complex and harder to write—but also more exciting!
As always, please spread the word if you like what you’re reading, and follow our blog and Twitter. We’re especially grateful for our supporters on Patreon. You can ask questions and discuss the book on GitHub Discussions.