Dappy specifications
  • Introduction
  • Specs and web standards
    • Name system
    • Authorized characters for names / IDNA
  • Sections specific to browser and web applications
    • Cookies
    • Cross-origin resource sharing (CORS)
    • TLS / encrypted traffic only and HSTS
    • Content Security Policy (CSP)
  • Glossary
    • Dappy Network and network members (or agents)
    • Co-resolution
    • Dappy protocol
    • Dappy browser
    • Traditional or regular web browsers
    • IP application
    • Dapp
Powered by GitBook
On this page

Was this helpful?

  1. Sections specific to browser and web applications

TLS / encrypted traffic only and HSTS

PreviousCross-origin resource sharing (CORS)NextContent Security Policy (CSP)

Last updated 3 years ago

Was this helpful?

TLS (Transport Layer Security) (sometimes refered to as SSL) has been around for almost 20 years. It is mandatory in dappy, unencrypted HTTP traffic does not exist. For browser to node (network member) it only accepts TLSv1.3, and for regular browser to servers communication it only accepts TLSv1.2+ .

This of course makes a lot of MITM attacks impossible to perform.

HSTS (HTTP Strict Transport Security)

HSTS (HTTP Strict Transport Security) is a feature communicated by web servers to browsers through HTTP headers, that tells the browser to exclusively rely on HTTPS for all the in/out connections in a given session. It is of course useless in dappy since it is already a exclusively HTTP+TLS web browser.

on HSTS

See it in the dappy codebase
Mozilla's documentaion