Introduce Cross-Origin Embedder Policy#1516
Merged
jakearchibald merged 7 commits intow3c:masterfrom Jul 8, 2020
Merged
Conversation
This is part of whatwg/html#5454. - Define embedder policy in environment settings object for service workers. - Add the CORP check in #dom-cache-matchall.
Contributor
Author
|
Some links don't work because whatwg/html#5454 has not been landed yet. |
This was referenced Jun 2, 2020
Closed
annevk
reviewed
Jun 2, 2020
annevk
reviewed
Jun 3, 2020
3 tasks
annevk
reviewed
Jun 10, 2020
docs/index.bs
Outdated
| 1. [=list/For each=] |requestResponse| of |requestResponses|: | ||
| 1. Add a copy of |requestResponse|'s response to |responses|. | ||
| 1. [=list/For each=] |response| of |responses|: | ||
| 1. If |response|'s [=response/type=] is "`opaque`" and [=cross-origin resource policy check=] with |response|'s [=internal/internal response=], |promise|'s [=relevant settings object=]'s [=environment settings object/origin=], and |promise|'s [=relevant settings object=] returns <b>blocked</b>, then reject |promise| with a `TypeError` and abort these steps. |
Member
There was a problem hiding this comment.
I think this needs some updating still to account for the parameter order in Fetch. And also, one of the arguments is a policy right, not an environment settings object?
Contributor
Author
There was a problem hiding this comment.
Oh sorry I fixed the parameter ordering. Reg: policy I think you are talking about the corp internal check, not the corp check.
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jun 18, 2020
…RP checking in cache APIs r=dom-workers-and-storage-reviewers,perry According to w3c/ServiceWorker#1516, Replacing RequestMode by ResponseType for CORP checking in cache.match() and cache.matchAll(). Differential Revision: https://phabricator.services.mozilla.com/D77747
xeonchen
pushed a commit
to xeonchen/gecko
that referenced
this pull request
Jun 19, 2020
…RP checking in cache APIs r=dom-workers-and-storage-reviewers,perry According to w3c/ServiceWorker#1516, Replacing RequestMode by ResponseType for CORP checking in cache.match() and cache.matchAll(). Differential Revision: https://phabricator.services.mozilla.com/D77747
domenic
pushed a commit
to whatwg/html
that referenced
this pull request
Jun 25, 2020
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML. Associated PRs: * whatwg/fetch#1030 * w3c/ServiceWorker#1516 * w3c/css-houdini-drafts#992 Fixes #5368, fixes #5634, fixes whatwg/fetch#985, and fixes w3c/ServiceWorker#1490. Follow-up: #4916, #4919, #4930 #5223, and #5391. (As well as defining cross-origin isolated, per #4732.)
Contributor
Author
|
Can we land this as well? |
jakearchibald
approved these changes
Jul 7, 2020
Contributor
jakearchibald
left a comment
There was a problem hiding this comment.
LGTM. I like this pattern much more than the pattern we currently use for CSP, which is a bit hand-wavey.
Contributor
|
Do we have tests for the cache API change? |
Contributor
Author
|
Thank you!
Yes, as html/cross-origin-embedder-policy/*cache-storage*.https.html. |
mfreed7
pushed a commit
to mfreed7/html
that referenced
this pull request
Sep 11, 2020
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML. Associated PRs: * whatwg/fetch#1030 * w3c/ServiceWorker#1516 * w3c/css-houdini-drafts#992 Fixes whatwg#5368, fixes whatwg#5634, fixes whatwg/fetch#985, and fixes w3c/ServiceWorker#1490. Follow-up: whatwg#4916, whatwg#4919, whatwg#4930 whatwg#5223, and whatwg#5391. (As well as defining cross-origin isolated, per whatwg#4732.)
bhearsum
pushed a commit
to mozilla-releng/staging-firefox
that referenced
this pull request
May 1, 2025
…RP checking in cache APIs r=dom-workers-and-storage-reviewers,perry According to w3c/ServiceWorker#1516, Replacing RequestMode by ResponseType for CORP checking in cache.match() and cache.matchAll(). Differential Revision: https://phabricator.services.mozilla.com/D77747
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is part of whatwg/html#5454.
workers.
Closes #1490 and whatwg/fetch#985.
Preview | Diff