-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
COEP + non-HTTP Dedicated Workers #4916
Comments
This comment has been minimized.
This comment has been minimized.
Yes, for non-HTTP workers we'll need to inherit. Apologies for the misguided earlier comment. |
Does |
I think @perryjiang might have been referring to |
This applies to workers, shared workers, and frames. Given that we're building on secure contexts Does that make sense? |
I notice that we currently have a test for cc @whatwg/cross-origin-isolation |
@whatwg/cross-origin-isolation please see w3c/webappsec-secure-contexts#69 for some further thoughts on |
I created web-platform-tests/wpt#21230 for |
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML. Associated PRs: * whatwg/fetch#1030 * w3c/ServiceWorker#1516 * w3c/css-houdini-drafts#992 Fixes #5368, fixes #5634, fixes whatwg/fetch#985, and fixes w3c/ServiceWorker#1490. Follow-up: #4916, #4919, #4930 #5223, and #5391. (As well as defining cross-origin isolated, per #4732.)
What is the latest on this? Perhaps someone could summarize what's left to do, and if there are any open questions? @yutakahirano |
Currently we inherit parent's policy but we may change that for blobs, depending on the future resolution of #5198. |
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML. Associated PRs: * whatwg/fetch#1030 * w3c/ServiceWorker#1516 * w3c/css-houdini-drafts#992 Fixes whatwg#5368, fixes whatwg#5634, fixes whatwg/fetch#985, and fixes w3c/ServiceWorker#1490. Follow-up: whatwg#4916, whatwg#4919, whatwg#4930 whatwg#5223, and whatwg#5391. (As well as defining cross-origin isolated, per whatwg#4732.)
Part of whatwg#4926. Closes whatwg#4916.
https://mikewest.github.io/corpp/ should specify what COEP to set for non-HTTP Dedicated Workers (e.g. data, blob, file, etc.). I think inheriting the owner's COEP makes sense.
@annevk @mikewest
The text was updated successfully, but these errors were encountered: