Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement COOP and COEP #562

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Implement COOP and COEP #562

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions benches/src/header_map/basic.rs
View file
Open in desktop
Expand Up @@ -547,6 +547,8 @@ const STD: &'static [HeaderName] = &[
CONTENT_SECURITY_POLICY_REPORT_ONLY,
CONTENT_TYPE,
COOKIE,
CROSS_ORIGIN_EMBEDDER_POLICY,
CROSS_ORIGIN_OPENER_POLICY,
DNT,
DATE,
ETAG,
Expand Down
2 changes: 2 additions & 0 deletions src/header/mod.rs
View file
Open in desktop
Expand Up @@ -112,6 +112,8 @@ pub use self::name::{
CONTENT_SECURITY_POLICY_REPORT_ONLY,
CONTENT_TYPE,
COOKIE,
CROSS_ORIGIN_EMBEDDER_POLICY,
CROSS_ORIGIN_OPENER_POLICY,
DNT,
DATE,
ETAG,
Expand Down
24 changes: 24 additions & 0 deletions src/header/name.rs
View file
Open in desktop
Expand Up @@ -464,6 +464,30 @@ standard_headers! {
/// the browser are set to block them, for example.
(Cookie, COOKIE, b"cookie");

/// Allows a server to declare an embedder policy for a given document.
///
/// The HTTP `Cross-Origin-Embedder-Policy` (COEP) response header prevents
/// a document from loading any cross-origin resources that don't
/// explicitly grant the document permission (using CORP or CORS).
(CrossOriginEmbedderPolicy, CROSS_ORIGIN_EMBEDDER_POLICY, b"cross-origin-embedder-policy");

/// Prevents other domains from opening/controlling a window.
///
/// The HTTP `Cross-Origin-Opener-Policy` (COOP) response header allows you
/// to ensure a top-level document does not share a browsing context group
/// with cross-origin documents.
///
/// COOP will process-isolate your document and potential attackers can't
/// access your global object if they were to open it in a popup,
/// preventing a set of cross-origin attacks dubbed XS-Leaks.
///
/// If a cross-origin document with COOP is opened in a new window, the
/// opening document will not have a reference to it, and the
/// `window.opener` property of the new window will be `null`. This allows
/// you to have more control over references to a window than
/// `rel=noopener`, which only affects outgoing navigations.
(CrossOriginOpenerPolicy, CROSS_ORIGIN_OPENER_POLICY, b"cross-origin-opener-policy");

/// Indicates the client's tracking preference.
///
/// This header lets users indicate whether they would prefer privacy rather
Expand Down
2 changes: 2 additions & 0 deletions tests/header_map.rs
View file
Open in desktop
Expand Up @@ -357,6 +357,8 @@ const STD: &'static [HeaderName] = &[
CONTENT_SECURITY_POLICY_REPORT_ONLY,
CONTENT_TYPE,
COOKIE,
CROSS_ORIGIN_EMBEDDER_POLICY,
CROSS_ORIGIN_OPENER_POLICY,
DNT,
DATE,
ETAG,
Expand Down
2 changes: 2 additions & 0 deletions tests/header_map_fuzz.rs
View file
Open in desktop
Expand Up @@ -293,6 +293,8 @@ fn gen_header_name(g: &mut StdRng) -> HeaderName {
header::CONTENT_SECURITY_POLICY_REPORT_ONLY,
header::CONTENT_TYPE,
header::COOKIE,
header::CROSS_ORIGIN_EMBEDDER_POLICY,
header::CROSS_ORIGIN_OPENER_POLICY,
header::DNT,
header::DATE,
header::ETAG,
Expand Down