You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Santiago Diaz (Jira)" <ji...@apache.org> on 2020/08/04 08:21:00 UTC
[jira] [Updated] (WICKET-6805) Add Cross-Origin Opener Policy and
Cross-Origin Embedder Policy support
[ https://issues.apache.org/jira/browse/WICKET-6805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Santiago Diaz updated WICKET-6805:
----------------------------------
Summary: Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support (was: Add Cross-Origin Opener Policy Support)
> Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support
> -----------------------------------------------------------------------
>
> Key: WICKET-6805
> URL: https://issues.apache.org/jira/browse/WICKET-6805
> Project: Wicket
> Issue Type: New Feature
> Components: wicket-core
> Reporter: Santiago Diaz
> Priority: Major
>
> We would like to add support in Wicket for Cross-Origin Opener Policy.
> COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. COOP is now supported by all major browsers.
> A COOP request cycle listener will be implemented to add COOP headers to HTTP responses, allowing developers to configure COOP to use {{unsafe-none}}, {{same-site}} or {{same-origin}}. Finally, developers will be able to disable COOP entirely for a set of exempted paths that are intended to be used cross-site.
>
> References:
> [https://web.dev/why-coop-coep/]
> [https://web.dev/coop-coep/]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)