CSP: Embedded Enforcement

CSP's Embedded enforcement defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself. We should prototype an implementation to see if it's something that solves real problems in a way we can ship.

Specification

Editor's draft

Status in Chromium

Blink components: Blink>SecurityFeature

Enabled by default (launch bug) in:

• Chrome for desktop release 61
• Chrome for Android release 61
• Chrome for iOS release 61
• Android WebView release 61
• Opera release 48
• Opera for Android release 48

Consensus & Standardization

• Firefox: No public signals
• Edge: No public signals
• Safari: No public signals
• Web Developers: No signals

Owners

• amalika@google.com
• andypaicu@chromium.org
• mkwst@chromium.org

Last updated on 2017-06-14