Alongside, CORB, From-Origin will mitigate cross-site resources from being loaded into a malicious content process. When a resource load (image, font, etc) is requested, the From_origin response header will be examined. If present and matching the requesting origin, it will be supplied to the content process and loaded. If non-matching, it will be rejected in some way and not loaded into the content process. https://github.com/whatwg/fetch/issues/687
web-platform-tests tests are in fetch/cross-origin-resource-policy.
Summary: Support From-Origin → Support Cross-Origin-Resource-Policy
Summary: Support Cross-Origin-Resource-Policy → Support Cross Origin Resource Policy (CORP) (Previously From-Origin)
Component: DOM → DOM: Core & HTML
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.