Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more information to COEP reporting #5391

Closed
yutakahirano opened this issue Mar 24, 2020 · 2 comments · Fixed by #5848
Closed

Add more information to COEP reporting #5391

yutakahirano opened this issue Mar 24, 2020 · 2 comments · Fixed by #5848
Labels
topic: cross-origin-embedder-policy Issues and ideas around the new "require CORP for subresource requests and frames and etc" proposal.

Comments

@yutakahirano
Copy link
Member

yutakahirano commented Mar 24, 2020
edited by annevk
Loading

@annevk
Copy link
Member

annevk commented Mar 24, 2020

Both of those seem safe in that they don't leak any information an attacker wouldn't already know.

@annevk annevk added the topic: cross-origin-embedder-policy Issues and ideas around the new "require CORP for subresource requests and frames and etc" proposal. label Mar 24, 2020
@domenic domenic mentioned this issue May 29, 2020
Closed
@domenic
Copy link
Member

domenic commented May 29, 2020

This seems relatively easy to add to #5454, although perhaps it would be simpler to delay any normative changes until we can fully turn down the https://wicg.github.io/cross-origin-embedder-policy/ document.

@yutakahirano yutakahirano mentioned this issue Jun 1, 2020
Merged
3 tasks
domenic pushed a commit that referenced this issue Jun 25, 2020
@yutakahirano
Add cross-origin embedder policy
70b8bb4 
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML.

Associated PRs:

* whatwg/fetch#1030
* w3c/ServiceWorker#1516
* w3c/css-houdini-drafts#992

Fixes #5368, fixes #5634, fixes
whatwg/fetch#985, and fixes
w3c/ServiceWorker#1490.

Follow-up: #4916, #4919, #4930 #5223, and #5391. (As well as defining
cross-origin isolated, per #4732.)
yutakahirano added a commit to whatwg/fetch that referenced this issue Aug 20, 2020
@yutakahirano
Augment COEP violation report
cc7b5af 
 - "blocked-url" is renamed to "blockedURL" (whatwg/html#5818).
 - Added "disposition" (whatwg/html#5391).
 - Added "destination" (whatwg/html#5391).

The CORP check now takes "destination" as a parameter.
yutakahirano added a commit to yutakahirano/html that referenced this issue Aug 20, 2020
@yutakahirano
Augment COEP violation report
6d9f99c 
 - "blocked-url" is renamed to "blockedURL" (whatwg#5818).
 - Added "disposition" (whatwg#5391).
 - Added "destination" (whatwg#5391).

The CORP check now takes "destination" as a parameter.

Fixes whatwg#5391 and whatwg#5818.
@yutakahirano yutakahirano mentioned this issue Aug 20, 2020
Merged
3 tasks
yutakahirano added a commit to yutakahirano/html that referenced this issue Aug 20, 2020
@yutakahirano
Augment COEP violation report
ff00128 
 - "blocked-url" is renamed to "blockedURL" (whatwg#5818).
 - Added "disposition" (whatwg#5391).

Fixes whatwg#5391 and whatwg#5818.
@yutakahirano yutakahirano mentioned this issue Aug 20, 2020
Merged
domenic pushed a commit to whatwg/fetch that referenced this issue Aug 21, 2020
@yutakahirano
Augment COEP violation report
ad9a84a 
* Rename "blocked-url" to "blockedURL" (whatwg/html#5818).
* Add "disposition" (whatwg/html#5391).
* Add "destination" (whatwg/html#5391).
domenic pushed a commit that referenced this issue Aug 21, 2020
@yutakahirano
Augment COEP violation report
8c90eb6 
* Rename "blocked-url" to "blockedURL"; fixes #5818.
* Add "disposition" and "destination"; closes #5391.
mfreed7 pushed a commit to mfreed7/html that referenced this issue Sep 11, 2020
@yutakahirano @mfreed7
Add cross-origin embedder policy
add7b6e 
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML.

Associated PRs:

* whatwg/fetch#1030
* w3c/ServiceWorker#1516
* w3c/css-houdini-drafts#992

Fixes whatwg#5368, fixes whatwg#5634, fixes
whatwg/fetch#985, and fixes
w3c/ServiceWorker#1490.

Follow-up: whatwg#4916, whatwg#4919, whatwg#4930 whatwg#5223, and whatwg#5391. (As well as defining
cross-origin isolated, per whatwg#4732.)
mfreed7 pushed a commit to mfreed7/html that referenced this issue Sep 11, 2020
@yutakahirano @mfreed7
Augment COEP violation report
f21bb0a 
* Rename "blocked-url" to "blockedURL"; fixes whatwg#5818.
* Add "disposition" and "destination"; closes whatwg#5391.
@agampafb agampafb mentioned this issue Sep 30, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: cross-origin-embedder-policy Issues and ideas around the new "require CORP for subresource requests and frames and etc" proposal.
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Augment COEP violation report yutakahirano/html
3 participants
@domenic @annevk @yutakahirano