210481 2020-04-14 00:39:58 -0700 Cross-Origin Embedder Policy 2022-03-08 10:58:41 -0800 1 1 1 Unclassified WebKit Page Loading WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 228755 InRadar P2 Normal --- 1 yhirano webkit-unassigned agektmr beidson bfulgham mike webkit-bug-importer youennf oldest_to_newest 1641273 0 yhirano 2020-04-14 00:39:58 -0700 Tentatively specified at https://wicg.github.io/cross-origin-embedder-policy/ (I'm now merging the spec to the HTML and the fetch specs). The feature can be enabled by the "cross-origin-embedder-policy" HTTP header, and when enabled, sub resource requests initiated by the document (or worker) requires the CORP check. 1641625 1 webkit-bug-importer 2020-04-14 17:52:48 -0700 <rdar://problem/61799661> 1730078 2 mike 2021-02-16 18:48:14 -0800 Note that this is now part of the HTML standard: https://html.spec.whatwg.org/multipage/origin.html#coep …and Firefox and Chrome have both shipped support for it: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#browser_compatibility 1849333 3 bfulgham 2022-03-08 10:58:41 -0800 *** This bug has been marked as a duplicate of bug 228755 ***