TLS / encrypted traffic only and HSTS

TLS (Transport Layer Security) (sometimes refered to as SSL) has been around for almost 20 years. It is mandatory in dappy, unencrypted HTTP traffic does not exist. For browser to node (network member) it only accepts TLSv1.3, and for regular browser to servers communication it only accepts TLSv1.2+ .

This of course makes a lot of MITM attacks impossible to perform.

See it in the dappy codebase

HSTS (HTTP Strict Transport Security)

HSTS (HTTP Strict Transport Security) is a feature communicated by web servers to browsers through HTTP headers, that tells the browser to exclusively rely on HTTPS for all the in/out connections in a given session. It is of course useless in dappy since it is already a exclusively HTTP+TLS web browser.

Mozilla's documentaion on HSTS

PreviousCross-origin resource sharing (CORS)NextContent Security Policy (CSP)

Last updated 2 years ago