WICG/origin-policy

Issues

• Work on origin policy is on hold for now

  #104 opened 3 years ago
  2

• Nonces in Origin-CSPs

  #101 opened 3 years ago
  1

• Feature Request: Add a `min_version` to the TLS section api

  #100 opened 4 years ago
  0

• `strict-transport-security` is entire host, not entire origin

  #99 opened 4 years ago
  0

• How can an Origin detect if Origin-Policy is supported by the User Agent?

  #98 opened 5 years ago
  1

• Enabling fast Origin Policy application

  #96 opened 5 years ago
  6

• Origin policy interacting with older service workers

  #94 opened 5 years ago
  0

• Test plan tracking issue

  #92 opened 5 years ago
  0

• Allowing A/B testing of origin policies

  #89 opened 5 years ago
  0

• Compare header parsing error/empty cases

  #88 opened 5 years ago
  0

• Strictness in header parsing

  #87 opened 5 years ago
  12

• potential performance issues with fetching origin policy

  #86 opened 5 years ago
  4

• supporting origin policy for fully offline use cases

  #85 opened 5 years ago
  9

• Infinite recursion fetching origin policy

  #84 opened 5 years ago
  3

• Does Origin Policy apply to certain opaque origins?

  #81 opened 5 years ago
  4

• Parameters on Structured Headers

  #78 opened 5 years ago
  2

• Vary, request headers, and telling what policy has been applied

  #77 opened 5 years ago
  1

• null client is not correct for fetching origin policies

  #75 opened 5 years ago
  0

• Feature Policy stability

  #74 opened 5 years ago
  1

• "origin's origin policy" seems like a bad spec primitive

  #73 opened 5 years ago
  7

• Cross-Origin-Resource-Policy defaulting

  #95 opened 5 years ago
  3

• Defined that preferred takes a valid origin policy ID

  #68 opened 5 years ago
  0

• Should allowed have special values besides null

  #67 opened 5 years ago
  10

• New version negotiation mechanism makes updates impossible for cached resources

  #66 opened 5 years ago
  4

• Should the request for /.well-known/origin-policy include a Referrer?

  #65 opened 5 years ago
  1

• support document policies

  #64 opened 5 years ago
  1

• Define report-to

  #62 opened 5 years ago
  1

• Consolidating allowed/preferred?

  #61 opened 5 years ago
  3

• Potential other uses for origin policy brought up at BlinkOn

  #52 opened 5 years ago
  3

• How do sites serve origin policies selectively?

  #51 opened 5 years ago
  18

• Inconsistency between CSP and Feature Policy formats

  #50 opened 5 years ago
  10

• Error handling discussion

  #49 opened 5 years ago
  4

• Allow page to know from JavaScript what policy was applied

  #48 opened 5 years ago
  5

• Which takes precedence, origin policy or headers?

  #46 opened 5 years ago
  1

• PR #29 fixed a typo in index.src.html but not in index.html

  #45 opened 5 years ago
  1

• Always fetch the origin policy on every request

  #44 opened 6 years ago
  16

• "version" is a confusing term

  #43 opened 5 years ago
  2

• "Suffix" in 2.3.1. is not defined

  #42 opened 5 years ago
  1

• Limit entropy of Sec-Origin-Policy request header

  #41 opened 6 years ago
  1

• Consider different OP announcement value

  #40 opened 5 years ago
  1

• Multiple Sec-Origin-Policy headers

  #36 opened 5 years ago
  6

• Multi-definition of configurations

  #35 opened 5 years ago
  4

• CSP without policy attribute

  #34 opened 5 years ago
  4

• MIME type naming

  #33 opened 5 years ago
  0

• JSON parsing not defined

  #32 opened 5 years ago
  8

• Interaction with suborigins

  #31 opened 5 years ago
  2

• TODO if implemented by two browsers

  #30 opened 7 years ago
  0

• Origin Policy manifest fetching and HTTP

  #28 opened 7 years ago
  2

• Fetch manifests on redirects

  #27 opened 7 years ago
  4

• Should HSTS be part of this

  #25 opened 7 years ago
  4