[jira] [Resolved] (WICKET-6805) Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support

Thu, 27 Aug 2020 05:01:16 -0700 


     [ 
https://issues.apache.org/jira/browse/WICKET-6805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Tzvetanov Grigorov resolved WICKET-6805.
-----------------------------------------------
    Fix Version/s: 9.1.0
         Assignee: Martin Tzvetanov Grigorov
       Resolution: Fixed

> Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support
> -----------------------------------------------------------------------
>
>                 Key: WICKET-6805
>                 URL: https://issues.apache.org/jira/browse/WICKET-6805
>             Project: Wicket
>          Issue Type: New Feature
>          Components: wicket-core
>            Reporter: Santiago Diaz
>            Assignee: Martin Tzvetanov Grigorov
>            Priority: Major
>             Fix For: 9.1.0
>
>
> We would like to add support in Wicket for Cross-Origin Opener Policy and 
> Cross Origin Embedder Policy.
> COOP is a security mitigation that lets developers isolate their resources 
> against side-channel attacks and information leaks. COEP  prevents a document 
> from loading any non-same-origin resources which don't explicitly grant the 
> document permission to be loaded. Using COEP and COOP together allows 
> developers to safely use powerful features such as SharedArrayBuffer, 
> performance.measureMemory(), and the JS Self-Profiling API. COOP and COEP are 
> now supported by all major browsers.
> A COOP request cycle listener will be implemented to add COOP headers to HTTP 
> responses, allowing developers to configure COOP to use unsafe-none, 
> same-origin or same-origin-allow-popups. Finally, developers will be able to 
> disable COOP entirely for a set of exempted paths that are intended to be 
> used cross-site.
> A separate COEP request cycle listener will be implemented to add COEP 
> headers to HTTP responses, similarly, this listener will allow developers to 
> configure COEP to use the report-only or enforcing headers, to use COEP in 
> reporting or enforcing mode. The COEP listener will also allow developers to 
> disable COEP entirely for a set of exempted paths. 
> References:
> https://web.dev/why-coop-coep/
> https://web.dev/coop-coep/



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to