Origin Policy provides a mechanism for defining configuration options with origin-wide impact. This status item covers Origin Policy infrastructure and support for Content Security Policy and Feature Policy policy items.
Motivation
Developers set a number of properties associated with resources on an origin by delivering resource-specific HTTP response headers and meta elements. However, the existing delivery mechanism is ill-suited to the task, suffering from a clear mismatch between the resource-specific nature of the metadata declarations on the one hand, and the origin-wide intent of the metadata on the other. Origin policy provides a centralized per-origin location for configurations that can apply across an origin, such as CSP, feature policy, origin isolation, network error logging, and more.
Documentation
Specification
Status in Chromium
In development (tracking bug)
Consensus & Standardization
- Positive
- No signal
- No signal
- Positive
Owners
Last updated on 2020-12-23