Bug 210481 - Cross-Origin Embedder Policy
Summary: Cross-Origin Embedder Policy
Status: RESOLVED DUPLICATE of bug 228755
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-04-14 00:39 PDT by yhirano
Modified: 2022-03-08 10:58 PST (History)
6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description yhirano 2020-04-14 00:39:58 PDT 
Tentatively specified at https://wicg.github.io/cross-origin-embedder-policy/ (I'm now merging the spec to the HTML and the fetch specs).

The feature can be enabled by the "cross-origin-embedder-policy" HTTP header, and when enabled, sub resource requests initiated by the document (or worker) requires the CORP check.
Comment 1 Radar WebKit Bug Importer 2020-04-14 17:52:48 PDT 
<rdar://problem/61799661>
Comment 2 sideshowbarker 2021-02-16 18:48:14 PST 
Note that this is now part of the HTML standard:

https://html.spec.whatwg.org/multipage/origin.html#coep

…and Firefox and Chrome have both shipped support for it:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#browser_compatibility
Comment 3 Brent Fulgham 2022-03-08 10:58:41 PST 

*** This bug has been marked as a duplicate of bug 228755 ***