210481 – Cross-Origin Embedder Policy

RESOLVED DUPLICATE of bug 228755 210481

Cross-Origin Embedder Policy

https://bugs.webkit.org/show_bug.cgi?id=210481

Summary Cross-Origin Embedder Policy

yhirano

Reported 2020-04-14 00:39:58 PDT

Tentatively specified at https://wicg.github.io/cross-origin-embedder-policy/ (I'm now merging the spec to the HTML and the fetch specs). The feature can be enabled by the "cross-origin-embedder-policy" HTTP header, and when enabled, sub resource requests initiated by the document (or worker) requires the CORP check.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-04-14 17:52:48 PDT

<rdar://problem/61799661>

sideshowbarker

Comment 2 2021-02-16 18:48:14 PST

Note that this is now part of the HTML standard: https://html.spec.whatwg.org/multipage/origin.html#coep …and Firefox and Chrome have both shipped support for it: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#browser_compatibility

Brent Fulgham

Comment 3 2022-03-08 10:58:41 PST

*** This bug has been marked as a duplicate of bug 228755 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 228755

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Page Loading

Assignee

Nobody

Reported

2020-04-14 00:39 PDT

Modified

2022-03-08 10:58 PST History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks