New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 837379 link

Starred by 3 users
Status: Duplicate
Merged: issue 853723
Owner: ----
Closed: Jan 15
Cc:
nick@chromium.org
creis@chromium.org
palmer@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 3
Type: Feature

Blocking:
issue 268640



Sign in to add a comment

Need to support Cross-Origin-Resource-Policy (aka CORP; was: From-Origin) header as CORB opt-in

Project Member Reported by lukasza@chromium.org, Apr 26 2018 
https://github.com/whatwg/fetch/issues/687 proposes to use From-Origin header to protect responses against Spectre attacks.  We should consider using this header as a signal to protect the response in CORB (even if it is not HTML, XML or JSON but something like an image).

Comment 1 by lukasza@chromium.org, Jun 19 2018 

See also issue 853723

Comment 2 by palmer@chromium.org, Jun 19 2018

Cc: palmer@chromium.org
Components: Security
Labels: -Type-Bug OS-Android OS-Chrome OS-Fuchsia OS-Linux OS-Mac OS-Windows Type-Feature

Comment 3 by lukasza@chromium.org, Dec 4

Summary: Need to support Cross-Origin-Resource-Policy (aka CORP; was: From-Origin) header as CORB opt-in (was: Servers should be able to use From-Origin header to opt into Cross-Origin Read Blocking (CORB))

Comment 4 by creis@chromium.org, Jan 15

Mergedinto: 853723
Status: Duplicate (was: Untriaged)
I'll mark this as a dupe of issue 853723, so that we have one place to track this.

Sign in to add a comment