Implement Cross-Origin-Opener-Policy Header #6176
Comments
Moving forward with this analysis, I consider that we should enable CORP and COEP as well, with the following exact configuration:
References:
This was referenced Nov 26, 2021
Closed in #6187
I consider that it would be really valuable if we could implement the HTTP Cross-Origin-Opener-Policy (COOP) header to ensure that the top-level document does not share a browsing context group with cross-origin documents. The policy to be set in our use case is:
Cross-Origin-Opener-Policy: same-origin
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
This ticket follows a discussion had on w3c/webappsec-referrer-policy#159 and some great advice by @annevk and @hackademix and a successful experimentation within GlobaLeaks: globaleaks/GlobaLeaks#3103
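An added example, not part of the original issue or of the project's code: a small Python check that a response actually enforces the `Cross-Origin-Opener-Policy: same-origin` value requested above. The function names and sample headers are constructed for illustration, and repeated or unrecognized values are conservatively treated as the browser default `unsafe-none`.

```python
COOP = "cross-origin-opener-policy"
REPORT_ONLY = COOP + "-report-only"
KNOWN = ("unsafe-none", "same-origin-allow-popups", "same-origin")
DEFAULT = "unsafe-none"  # what applies when the header is absent or unusable


def effective_coop(headers):
    """Return the COOP value a response would enforce.

    headers: list of (name, value) pairs as received on the wire.
    """
    values = [v for n, v in headers if n.strip().lower() == COOP]
    if len(values) != 1:
        # Absent, or repeated: treated here as not enforced (conservative).
        return DEFAULT
    token = values[0].split(";", 1)[0].strip()  # drop parameters such as report-to
    # Exact, case-sensitive match; anything else is treated as the default.
    return token if token in KNOWN else DEFAULT


def audit(headers, wanted="same-origin"):
    """List the reasons the response does not enforce the wanted policy."""
    names = [n.strip().lower() for n, _ in headers]
    findings = []
    got = effective_coop(headers)
    if got != wanted:
        findings.append(f"enforced policy is {got!r}, expected {wanted!r}")
    if REPORT_ONLY in names and COOP not in names:
        findings.append("only the Report-Only variant is set; nothing is enforced")
    return findings


# Constructed sample responses (not captured from any real deployment).
GOOD = [("Content-Type", "text/html"), ("Cross-Origin-Opener-Policy", "same-origin")]
WITH_PARAM = [("cross-origin-opener-policy", 'same-origin; report-to="coop"')]
REPORT = [("Cross-Origin-Opener-Policy-Report-Only", "same-origin")]
TYPO = [("Cross-Origin-Opener-Policy", "sameorigin")]

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("param", WITH_PARAM),
                         ("report-only", REPORT), ("typo", TYPO)]:
        print(name, audit(sample) or "ok")
```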