CSP 'navigate-to' directive

The navigate-to directive restricts the URLs to which a document can initiate navigations by any means (a, form, window.location, window.open, etc.). This is an enforcement on what navigations this document initiates not on what this document is allowed to navigate to. If the form-action directive is present, the navigate-to directive will not act on navigations that are form submissions.

Demo

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature


In development

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No public signals
  • Public support
  • No public signals
  • Positive

Owner

Last updated on 2020-03-25