Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
The `disown-opener` directive is not the right model #194
The current pressing need for
I would like to re-open this discussion around this perhaps we could reach a good solution that is good for Secure Contexts (w3c/webappsec-secure-contexts#42).
It sounds to me that the
What I'm not sure about is how important is the
referenced this issue
Oct 9, 2017
added a commit
Jan 7, 2018
Would it be better if this was a separate header from CSP? Because it seems to me that the restricted behavior of how the opener works may depend upon the domain that is linked to, which I think is beyond what CSP is for.
However it is highly likely I do not fully understand what this directive is suppose to do.
@AliceWonderMiscreations good question, it reminds me that the HTTP header equivalent to the HTML attribute