Chrome 84 Adds Web OTP API
Written by Ian Elliot   
Thursday, 23 July 2020

Google has launched Chrome 84 with improvements including the Web OTP API, Web Animations API, and changes to SameSite cookies, along with the removal of older versions of Transport Layer Security (TLS).

The removal of support for older versions of TLS began with Chrome 81 in April, when support for TLS 1.0 and TLS 1.1 was deprecated. This has now been completely removed with Chrome 84. The TLS cryptographic protocol handles the encryption of HTTPS connections along with communications between web servers and browsers, but older versions of TLS have security flaws, hence the removal of support.

chrome

The second developer-related improvement to Chrome is the introduction of the Web OTP API. This was present in earlier versions as the SMS Receiver API, but the new version has significant differences. The Web OTP API helps users enter a one-time password (OTP) on a webpage based on an SMS message that is delivered to their Android phone. An OTP can be used to verify that a phone number entered onto a webpage belongs to the person entering the data on the page. The OTP is sent to the phone number using SMS, and this has to be copied and pasted back into the form on the website, or manually entered by the user. The Web OTP API lets developers help users enter the code with one tap.

Another API improvement is support for the Web Animations API. This is a tool that developers can use to write imperative animations with JavaScript. The API was written to help with both CSS animation and transition implementations, and to "enable future effects to be developed, as well as existing effects to be composed and timed". The API was previously available, but the latest release is more compliant and supports compositing operations, These define and control the way you can combine effects. Java Promises are supported in this version, giving developers more control over the sequencing of animations, as well as the way they interact with other parts of your app.

The final major improvement for developers is to the handling of SameSite cookies. The SameSite attribute was introduced in Chrome 51 and provides a way to  declare that cookies should be restricted to avoid cross-site request forgeries (CSRF).Chrome uses a SameSite attribute on a cookie with three settings - not set, strict or lax. If you set SameSite to Strict, cookies will only be sent if the site for the cookie matches the site currently shown in the browser's URL bar.

Google says that not many developers bother using SameSite, leaving users vulnerable to CSRF and unintentional information leakage.To overcome this, Chrome now implements the secure-by-default system for cookie classification, treating cookies that have no declared SameSite value as SameSite=Lax cookies.

chrome

More Information

Download Chrome

Related Articles

Chrome Takes Over Web - Blocks Edge

Chrome 10 Years Old - And It Seems A Lot Older

Firefox 78 - New Extended Support Release

Developer Tool Improvements In Firefox 77

Edge - Can A New Logo Change Its Fortunes

Firefox 69 - New Features But Still Not Caught Up?

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Eclipse IoT Developer Survey 2024
04/12/2024

The Eclipse Foundation’s IoT Working Group has released the results of its 2024 IoT Developer Survey. Industrial automation and automotive are now the leading industry sectors and connectivity is th [ ... ]



Lightbend Announces Akka 3
15/11/2024

Lightbend, the company that developed Akka, has announced Akka 3, and has changed its name to Akka. The company produces cloud-native microservices frameworks, and Akka is used for building distribute [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

<ASIN:1871962625>

<ASIN:1871962579>

<ASIN:1871962560>

<ASIN:1871962501>

<ASIN:1871962528>

 

Last Updated ( Thursday, 23 July 2020 )