CSP: Embedded Enforcement

CSP's Embedded enforcement defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself. We should prototype an implementation to see if it's something that solves real problems in a way we can ship.

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature


Enabled by default (launch bug) in:

  • Chrome for desktop release 61
  • Chrome for Android release 61
  • Chrome for iOS release 61
  • Android WebView release 61
  • Opera release 48
  • Opera for Android release 48

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • No signals

Owners

Last updated on 2017-06-14