[HTTP Header] Cross-Origin-Opener-Policy #4366
Labels
Comments
This comment has been minimized.
This comment has been minimized.
Malvoz
changed the title
|
The |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
Cross-Origin-Opener-Policy(COOP) header prevents third-parties from opening/controlling a window.Explainers:
https://docs.google.com/document/d/1eQEdjHDaJHJ5SFyRKjcqohS7x8XSpF8xmajXimAKcHc
https://docs.google.com/document/d/1Ey3MXcLzwR1T7aarkpBXEwP7jKdd2NvQdgYvF8_8scI
Initial definition:
https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e
Google I/O 2019 explainer video:
https://www.youtube.com/watch?v=DDtM9caQ97I&t=2264
Chrome status:
https://www.chromestatus.com/feature/5432089535053824
Edit:
This header was implemented in Safari 12 and renamed from
Cross-Origin-OptionstoCross-Origin-Window-Policybut support was dropped in release note 67.This header was also at some point proposed as
Cross-Origin-Isolate.I mention name changes mainly because we should preferably include those as
keywordsso developers can find the latest version of the header if they stumble upon old documentation.The text was updated successfully, but these errors were encountered: