by Giorgio Maone » Fri Apr 02, 2021 3:57 pm
Guest wrote: ↑Fri Apr 02, 2021 12:10 pm
In the current form it's too much of an annoyance on many sites. It should be reworked to work more silently or be disabled by default.
In 11.2.5rc1 it can be configured per site (the new "csspp0" capability is enabled where you don't want the protection).
Guest wrote: ↑Fri Apr 02, 2021 12:10 pm
Btw are there any privacy implications? I avoid unnecessary connections and prefetching. Does this new protection cause additional connections?
Nope. It just anticipates connections which would be made anyway by the stylesheets, coalescing them so that they can't be used as a CPU timing side channel.
[quote=Guest post_id=103845 time=1617365443]
In the current form it's too much of an annoyance on many sites. It should be reworked to work more silently or be disabled by default.
[/quote]
In 11.2.5rc1 it can be configured per site (the new "csspp0" capability is enabled where you don't want the protection).
[quote=Guest post_id=103845 time=1617365443]
Btw are there any privacy implications? I avoid unnecessary connections and prefetching. Does this new protection cause additional connections?
[/quote]
Nope. It just anticipates connections which would be made anyway by the stylesheets, coalescing them so that they can't be used as a CPU timing side channel.