Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-Origin-Resource-Policy advice #767

Open
annevk opened this issue Jun 18, 2018 · 2 comments
Open

Cross-Origin-Resource-Policy advice #767

annevk opened this issue Jun 18, 2018 · 2 comments
Labels
clarification Standard could be clearer

Comments

@annevk
Copy link
Member

annevk commented Jun 18, 2018

As @mikewest noted in #733 there should be some advice as to when to use this header and that it should probably be used in conjunction with X-Frame-Options: ... at least until all browsers ship site isolation.
@annevk annevk added the clarification Standard could be clearer label Jun 18, 2018
@annevk annevk mentioned this issue Jun 18, 2018
Merged
annevk added a commit that referenced this issue Jun 18, 2018
@annevk
Define Cross-Origin-Resource-Policy response header
0cec471 
This header makes it easier for sites to block unwanted "no-cors"
cross-origin requests.

Tests:

* web-platform-tests/wpt#11171
* web-platform-tests/wpt#11427
* web-platform-tests/wpt#11428

Follow-up: #760 & #767.

Fixes #687.
@Malvoz
Copy link

Malvoz commented Jul 23, 2018
edited
Loading

Should CSP's frame-ancestors be mentioned aswell?

@annevk
Copy link
Member Author

annevk commented Jul 23, 2018

Yeah, that seems reasonable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
clarification Standard could be clearer
Milestone
No milestone
Development

No branches or pull requests
2 participants
@annevk @Malvoz