Skip to content

Commit

Permalink
COEP: Enforce CORP in cache.match()
Browse files Browse the repository at this point in the history 
Document using:
"Cross-Origin-Embedder-Policy: require-corp"
must not access cross-origin response that do not have the header:
"Cross-Origin-Resource-Policy: cross-site"

This is about only no-cors requests. CORS requests are checked against the
CORS headers instead.

See:
 - whatwg/fetch#985
 - w3c/ServiceWorker#1490

Bug:1031542
Change-Id: I94a2cb9435fcf3e76f57a8f3d3344c87fa23f9a9
  • Loading branch information
@ArthurSonzogni @chromium-wpt-export-bot
ArthurSonzogni authored and chromium-wpt-export-bot committed Dec 19, 2019
1 parent 0ae74ec commit 615aa2a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@
const cache = await caches.open('v1');

if (response_type === 'error') {
await promise_rejects(t, new TypeError(), cache.match(url));
await promise_rejects(t, 15 /* InvalidAccessError*/, cache.match(url));
return;
}

Expand Down

0 comments on commit 615aa2a

Please sign in to comment.