I read about Spectre (CVE-2017-5753) but it is unclear how it actually affect the everyday programmer? I read a couple articles but I am still not sure if it may break any of my old project or existing code. It would be great to know what I should look out for when trying to adapt to the changes Spectre introduced about how browsers processes JavaScript.
After researching I found some recommendations here.
Best practices summed briefly:
Prevent cookies from being loaded into the memory of the renderer using options present in the Set-Cookie header.
Make it hard to guess and access the URL of pages that contain sensitive information. If the URL is known to the attacker, the renderer might be forced to load it into its memory. Same-origin policies alone do not protect against these attacks.
Ensure that all responses are returned with the correct MIME type, and that the content type is marked as nosniff. This will prevent the browser from reinterpreting the contents of the response, and can prevent it from being loaded into the memory of the renderer when a malicious site tries to load it in certain ways.
References: