Origin Policy provides a mechanism for defining configuration options with origin-wide impact. This status item covers Origin Policy infrastructure and support for Content Security Policy and Feature Policy policy items.

Motivation

Developers set a number of properties associated with resources on an origin by delivering resource-specific HTTP response headers and meta elements. However, the existing delivery mechanism is ill-suited to the task, suffering from a clear mismatch between the resource-specific nature of the metadata declarations on the one hand, and the origin-wide intent of the metadata on the other. Origin policy provides a centralized per-origin location for configurations that can apply across an origin, such as CSP, feature policy, origin isolation, network error logging, and more.

Documentation

• None

Specification

Specification link

Status: Unknown standards status - check spec link for status

Status in Chromium

Blink components: Blink>SecurityFeature

Implementation status: On hold (tracking bug)

Consensus & Standardization

• Firefox: Positive
• Edge: No signal
• Safari: No signal
• Web Developers: Positive

Owners

• domenic@chromium.org
• vogelheim@chromium.org
• mkwst@chromium.org
• wjmaclean@chromium.org

Last updated on 2021-09-08