Origin Policy

Origin Policy provides a mechanism for defining configuration options with origin-wide impact. This status item covers Origin Policy infrastructure and support for Content Security Policy and Feature Policy policy items.

Developers set a number of properties associated with resources on an origin by delivering resource-specific HTTP response headers and meta elements. However, the existing delivery mechanism is ill-suited to the task, suffering from a clear mismatch between the resource-specific nature of the metadata declarations on the one hand, and the origin-wide intent of the metadata on the other. Origin policy provides a centralized per-origin location for configurations that can apply across an origin, such as CSP, feature policy, origin isolation, network error logging, and more.

Documentation

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature


In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Public support
  • No public signals
  • No public signals
  • Positive

Owners

Last updated on 2020-06-15