#31923: Add Support for Cross-Origin Embedder Policy and Cross-Origin Resource
Policy Headers
-------------------------------------+-------------------------------------
Reporter: meggles711 | Owner:
| meggles711
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: COEP, header, CORP, | Triage Stage: Accepted
security |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Adam Johnson):
> Adam, can I ask you to put your mind to how we might encapsulate these
headers (as per the mailing list thread)?
I did follow that thread but couldn't formulate a great reply. I guess I
lean towards Tim's arguments.
If we *were* to do a subclass-this-to-change-from-the-defaults I would
make that class just `SecurityMiddleware`, with some class-level
attributes. But it would be a lot of churn for the existing settings.
> An probably also COOP (Cross-Origin-Opener-Policy) and the acronyms are
getting ridiculously confusing.
COOP was added in #31840.
--
Ticket URL: <https://code.djangoproject.com/ticket/31923#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/068.57c85631a8e766dcd508dc2824127775%40djangoproject.com.
