Bug 210481

Summary: Cross-Origin Embedder Policy
Product: WebKit Reporter: yhirano
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: agektmr, beidson, bfulgham, mike, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description yhirano 2020-04-14 00:39:58 PDT 
Tentatively specified at https://wicg.github.io/cross-origin-embedder-policy/ (I'm now merging the spec to the HTML and the fetch specs).

The feature can be enabled by the "cross-origin-embedder-policy" HTTP header, and when enabled, sub resource requests initiated by the document (or worker) requires the CORP check.
Comment 1 Radar WebKit Bug Importer 2020-04-14 17:52:48 PDT 
<rdar://problem/61799661>
Comment 2 sideshowbarker 2021-02-16 18:48:14 PST 
Note that this is now part of the HTML standard:

https://html.spec.whatwg.org/multipage/origin.html#coep

…and Firefox and Chrome have both shipped support for it:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#browser_compatibility
Comment 3 Brent Fulgham 2022-03-08 10:58:41 PST 

*** This bug has been marked as a duplicate of bug 228755 ***