Re: [Django] #31840: Adding Support for Cross-Origin Opener Policy

2020-10-25 Thread Django 
#31840: Adding Support for Cross-Origin Opener Policy
-+-
 Reporter:  meggles711   |Owner:
 |  meggles711
 Type:  New feature  |   Status:  assigned
Component:  HTTP handling|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:  COOP, security,  | Triage Stage:  Accepted
  headers|
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  1
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Mariusz Felisiak):

 * needs_better_patch:  0 => 1


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.1660e8054dedacc7c62c43725dbc36a6%40djangoproject.com.

Re: [Django] #31840: Adding Support for Cross-Origin Opener Policy

2020-10-25 Thread Django 
#31840: Adding Support for Cross-Origin Opener Policy
-+-
 Reporter:  meggles711   |Owner:
 |  meggles711
 Type:  New feature  |   Status:  assigned
Component:  HTTP handling|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:  COOP, security,  | Triage Stage:  Accepted
  headers|
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Jacob Walls):

 * has_patch:  0 => 1


Comment:

 Hi Megan, I'm linking your patch and ticking Has Patch to increase
 visibility for reviewers. In the meantime, would you be able to rebase?

 [https://github.com/django/django/pull/13351 PR]

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.bc63792ba8df2aa3b67c8e64594cbf46%40djangoproject.com.

Re: [Django] #31840: Adding Support for Cross-Origin Opener Policy

2020-07-30 Thread Django 
#31840: Adding Support for Cross-Origin Opener Policy
-+-
 Reporter:  meggles711   |Owner:
 |  meggles711
 Type:  New feature  |   Status:  assigned
Component:  HTTP handling|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:  COOP, security,  | Triage Stage:  Accepted
  headers|
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by meggles711):

 Okay, sounds good, I'll cc some other developers and have them review my
 code before I make a pull request. I'll also check out the thread you
 started on the mailing list.

 I was considering pitching adding support for COOP and another header
 called Cross-Origin Embedder Policy (COEP) in the same issue. However,
 COEP relies on having a specific CORS or CORP header setting which Django
 doesn't currently have support for right now either. Maybe I consider
 tackling COEP and CORS/CORP now as well so that they don't have to be
 raised as 2 additional issues that are just adding security headers?

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.f905702abea8f8c73ac4233ac78f665a%40djangoproject.com.

Re: [Django] #31840: Adding Support for Cross-Origin Opener Policy

2020-07-30 Thread Django 
#31840: Adding Support for Cross-Origin Opener Policy
-+-
 Reporter:  meggles711   |Owner:
 |  meggles711
 Type:  New feature  |   Status:  assigned
Component:  HTTP handling|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:  COOP, security,  | Triage Stage:  Accepted
  headers|
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Carlton Gibson):

 * cc: Florian Apolloner (added)


Comment:

 Noting also #31425 and #30729 are more or less the same as well. ("Add
 support for a header...")

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.3938078a1e3439d00bdc705fa5366b84%40djangoproject.com.

Re: [Django] #31840: Adding Support for Cross-Origin Opener Policy

2020-07-30 Thread Django 
#31840: Adding Support for Cross-Origin Opener Policy
-+-
 Reporter:  meggles711   |Owner:
 |  meggles711
 Type:  New feature  |   Status:  assigned
Component:  HTTP handling|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:  COOP, security,  | Triage Stage:  Accepted
  headers|
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Carlton Gibson):

 * cc: Adam (Chainz) Johnson, Nick Pope (added)
 * stage:  Unreviewed => Accepted


Comment:

 OK, thanks. I'll provisionally Accept this, but cc a couple of people
 who've been involved before here, and also
 [https://groups.google.com/d/topic/django-
 developers/WJAbbwJKp30/discussion I've raised a question on the mailing
 list], since I'm not sure about ''just keep adding settings'' as the best
 approach here. (Maybe we adjust the "Accept" to something else...?)

 #30746 is the same ballpark here for Permissions-Policy

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.e7449ae4f9ad21bfbec0378e44ec8ed3%40djangoproject.com.

Re: [Django] #31840: Adding Support for Cross-Origin Opener Policy

2020-07-29 Thread Django 
#31840: Adding Support for Cross-Origin Opener Policy
-+-
 Reporter:  meggles711   |Owner:
 |  meggles711
 Type:  New feature  |   Status:  assigned
Component:  HTTP handling|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:  COOP, security,  | Triage Stage:
  headers|  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by meggles711):

 * owner:  nobody => meggles711
 * status:  new => assigned


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.45eae7f9fa9be346fcc397b6c0cb649b%40djangoproject.com.