Bug 210481
| Summary: | Cross-Origin Embedder Policy | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | yhirano |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | agektmr, beidson, bfulgham, mike, webkit-bug-importer, youennf |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
yhirano
Tentatively specified at https://wicg.github.io/cross-origin-embedder-policy/ (I'm now merging the spec to the HTML and the fetch specs).
The feature can be enabled by the "cross-origin-embedder-policy" HTTP header, and when enabled, sub resource requests initiated by the document (or worker) requires the CORP check.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/61799661>
sideshowbarker
Note that this is now part of the HTML standard:
https://html.spec.whatwg.org/multipage/origin.html#coep
…and Firefox and Chrome have both shipped support for it:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#browser_compatibility
Brent Fulgham
*** This bug has been marked as a duplicate of bug 228755 ***