Cross-Origin-Embedding-Policy? from Mike West on 2019-06-19 (public-webappsec@w3.org from June 2019)

From: Mike West <mkwst@google.com>
Date: Wed, 19 Jun 2019 11:27:31 +0200
To: Web Application Security Working Group <public-webappsec@w3.org>
Message-ID: <CAKXHy=deGxUHJMuOSfS85Juq12W+UM2+RooORw09XLRDHsZ93w@mail.gmail.com>

Hey folks,

We've mentioned the discussion around Spectre mitigations like
`Cross-Origin-Resource-Policy-Policy` in a few of our previous calls, and
pointed to the conversation at https://github.com/whatwg/html/issues/4175
 specifically.

I've tried to coalesce that discussion down to a monkey-patch doc that will
eventually turn into PRs against HTML and Fetch:
https://mikewest.github.io/corpp/.

Y'all's feedback would be welcome! Either here, or in bugs filed against
HTML (which we'll bundle up under the "
https://github.com/whatwg/html/labels/topic%3A%20cross-origin-embedding-policy"
label.

Thanks!

-mike

Received on Wednesday, 19 June 2019 09:28:06 UTC