#31923: Add Support for Cross-Origin Embedder Policy and Cross-Origin Resource
Policy Headers
-------------------------------------+-------------------------------------
Reporter: meggles711 | Owner:
| meggles711
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: COEP, header, CORP, | Triage Stage:
security | Someday/Maybe
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Adam Johnson):
The headers are now in the HTML Specification:
* COEP: https://html.spec.whatwg.org/multipage/origin.html#coep
* CORP: https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header
The PDF Chrome bug referred to by MDN seems to have been fixed through a
revert ([https://bugs.chromium.org/p/chromium/issues/detail?id=1074261
original bug],
[https://bugs.chromium.org/p/chromium/issues/detail?id=961617 bug it was
merged into],
[https://bugs.chromium.org/p/chromium/issues/detail?id=1115149 a revert of
the problematic PDF behaviour]).
The Firefox bug referred to by MDN is also fixed:
https://bugzilla.mozilla.org/show_bug.cgi?id=1638323
I think it makes sense to add these headers to Django for 4.0 - thoughts?
--
Ticket URL: <https://code.djangoproject.com/ticket/31923#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/068.3a538153a5a23f73586e53e95331c4f5%40djangoproject.com.
