[ https://issues.apache.org/jira/browse/WICKET-6805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Tzvetanov Grigorov resolved WICKET-6805. ----------------------------------------------- Fix Version/s: 9.1.0 Assignee: Martin Tzvetanov Grigorov Resolution: Fixed > Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support > ----------------------------------------------------------------------- > > Key: WICKET-6805 > URL: https://issues.apache.org/jira/browse/WICKET-6805 > Project: Wicket > Issue Type: New Feature > Components: wicket-core > Reporter: Santiago Diaz > Assignee: Martin Tzvetanov Grigorov > Priority: Major > Fix For: 9.1.0 > > > We would like to add support in Wicket for Cross-Origin Opener Policy and > Cross Origin Embedder Policy. > COOP is a security mitigation that lets developers isolate their resources > against side-channel attacks and information leaks. COEP prevents a document > from loading any non-same-origin resources which don't explicitly grant the > document permission to be loaded. Using COEP and COOP together allows > developers to safely use powerful features such as SharedArrayBuffer, > performance.measureMemory(), and the JS Self-Profiling API. COOP and COEP are > now supported by all major browsers. > A COOP request cycle listener will be implemented to add COOP headers to HTTP > responses, allowing developers to configure COOP to use unsafe-none, > same-origin or same-origin-allow-popups. Finally, developers will be able to > disable COOP entirely for a set of exempted paths that are intended to be > used cross-site. > A separate COEP request cycle listener will be implemented to add COEP > headers to HTTP responses, similarly, this listener will allow developers to > configure COEP to use the report-only or enforcing headers, to use COEP in > reporting or enforcing mode. The COEP listener will also allow developers to > disable COEP entirely for a set of exempted paths. > References: > https://web.dev/why-coop-coep/ > https://web.dev/coop-coep/ -- This message was sent by Atlassian Jira (v8.3.4#803005)