Closed
Bug 1486822
Opened 6 years ago
Closed 6 years ago
Cross-Origin Read Policy (CORP) (previously From-Orgin)
Categories
(Core :: DOM: Security, enhancement)
Core
DOM: Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1459573
People
(Reporter: tjr, Unassigned)
References
Details
Reporter | ||
Comment 1•6 years ago
|
||
(I accidentally submitted too quickly) CORP is a HTTP header that allows an origin to specify what third party origins are allowed to use resources it serves (such as stylesheets, images, script files, etc.) It is analogous to X-FRAME-OPTIONS. If an origin attempts to embed resources whose From-Origin indicates it is not allowed to, the browser will mimic a network error (or something similar). It assists in Fission Security by providing websites a way to opt-in to protecting their non-document resources from potential disclosure via a Spectre attack. (CORB is an on-by-default mechanism to protect the document resources.)
Summary: Cross-Origin Read Policy (CORP) (previously From → Cross-Origin Read Policy (CORP) (previously From-Orgin)
Reporter | ||
Updated•6 years ago
|
Alias: corp
Comment 2•6 years ago
|
||
Dupe of bug 1459573?
Reporter | ||
Comment 3•6 years ago
|
||
Dangit I thought I had a bug for it filed; but couldn't find it...
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Updated•6 years ago
|
Alias: corp
You need to log in
before you can comment on or make changes to this bug.
Description
•