HTTP Fences: Immigration Control for Web Pages

We propose an extension to the HTTP protocol that allows specification of domain borders in the form of fences – a service provider is empowered with the ability to specify what exactly they would like to accept as being within their domain. The extension also provides a second asset which is a policy specification or data visa; these visas specify what types of data can be brought into the fence-specified domain from the outside (such as scripts, images, HTML, etc). Together, the fences and visas provide a data “immigration” policy where the authors of a web application can easily specify how data is allowed to enter and exit their application through automated web-based means. These rules can help to prevent unwanted information leak or entry (such as the usual effects of Cross-Site Scripting attacks), as well as similar “loose–origin” vulnerabilities that may not yet be identified. The main benefits realized from our Immigration policy are preventive measures against cross-domain attacks and a relief of burden on web application programmers. Since content restrictions are specified by the web server and enforced by the browser regardless of the data actually served by the website, web application developers need to worry less that their code does the“right thing”with user input. This is especially beneficial as web sites more frequently allow visitors to contribute data in the fashion of the Web 2.0 movement.