Opaque Response Blocking (ORB, aka CORB++) #64

Closed
sysrqb opened this issue Sep 19, 2022 · 1 comment
Labels
from: Apple Proposed, edited, or co-edited by Apple. from: Google Proposed, edited, or co-edited by Google. from: Mozilla Proposed, edited, or co-edited by Mozilla. position: support topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols topic: loading topic: security venue: none / personal repository The venue for discussion is a GitHub repository not affiliated with a standards body. venue: WHATWG Fetch Workstream

Comments

sysrqb commented Sep 19, 2022

Request for position on an emerging web specification

Information about the spec

Design reviews and vendor positions

Mozilla is implementing: https://bugzilla.mozilla.org/show_bug.cgi?id=1532642.

Anything else we need to know

https://lists.webkit.org/pipermail/webkit-dev/2022-May/032222.html

@othermaciej othermaciej added topic: loading topic: security topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols venue: none / personal repository The venue for discussion is a GitHub repository not affiliated with a standards body. venue: WHATWG Fetch Workstream from: Google Proposed, edited, or co-edited by Google. from: Apple Proposed, edited, or co-edited by Apple. from: Mozilla Proposed, edited, or co-edited by Mozilla. labels Sep 25, 2022
@hober hober moved this from Unscreened to Needs position in Standards Positions Review Backlog Mar 23, 2023
@hober hober moved this from Needs position to Needs assignees in Standards Positions Review Backlog Mar 27, 2023
@hober hober moved this from Needs assignees to Needs position in Standards Positions Review Backlog Mar 27, 2023

annevk commented May 7, 2024

Colleagues and I discussed this (though quite a while ago now, my bad) and think this is worth pursuing as it provides defense-in-depth for a significant number of subresources. In particular this proposal helps guard:

  • same-site-but-cross-origin subresources (these always get cookies)
  • cross-origin subresources when Storage Access is active for their origin
  • cross-origin subresources on local networks

As such I suggest we mark this "position: support" one week from now.


4 participants