Implement Cross-Origin-Opener-Policy Header #3103

evilaliv3 · 2021-11-12T10:33:35Z

It would be really valuable to implement the HTTP Cross-Origin-Opener-Policy (COOP) header to ensure that the top-level document does not share a browsing context group with cross-origin documents.

The policy to be set in our use case is: Cross-Origin-Opener-Policy: same-origin

Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy

Acknowledgments: this tickets follows a discussion had on w3c/webappsec-referrer-policy#159 and some great advices by @annevk and @hackademix! Thank you!

The text was updated successfully, but these errors were encountered:

evilaliv3 · 2021-11-12T11:22:38Z

Policy implemented and included starting from release 4.5.2

evilaliv3 added T: Enhancement F: Security labels Nov 12, 2021

evilaliv3 added a commit that referenced this issue Nov 12, 2021

Implement Cross-Origin-Opener-Policy Header (#3103)

8be1d62

evilaliv3 added a commit that referenced this issue Nov 12, 2021

[doc] Add documentation about Cross-Origin-Opener-Policy (#3103)

514affd

evilaliv3 closed this as completed Nov 12, 2021

evilaliv3 mentioned this issue Nov 21, 2021

Implement Cross-Origin-Opener-Policy Header freedomofpress/securedrop#6176

Closed

evilaliv3 added a commit that referenced this issue Dec 1, 2021

Implement Cross-Origin-Opener-Policy Header (#3103)

0e8f612

evilaliv3 added a commit that referenced this issue Dec 1, 2021

[doc] Add documentation about Cross-Origin-Opener-Policy (#3103)

9592090

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement Cross-Origin-Opener-Policy Header #3103

Implement Cross-Origin-Opener-Policy Header #3103

evilaliv3 commented Nov 12, 2021

evilaliv3 commented Nov 12, 2021

Implement Cross-Origin-Opener-Policy Header #3103

Implement Cross-Origin-Opener-Policy Header #3103

Comments

evilaliv3 commented Nov 12, 2021

evilaliv3 commented Nov 12, 2021