CSP 'navigate-to' directive - Chrome Platform Status

Feature: CSP 'navigate-to' directive

The navigate-to directive restricts the URLs to which a document can initiate navigations by any means (a, form, window.location, window.open, etc.). This is an enforcement on what navigations this document initiates not on what this document is allowed to navigate to. If the form-action directive is present, the navigate-to directive will not act on navigations that are form submissions.

Demo

https://w3c.github.io/webappsec-csp/#directive-navigate-to

Specification

Specification link

Status: Unknown standards status - check spec link for status

Status in Chromium

Blink components: Blink>SecurityFeature

Implementation status: In development

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Edge: Positive
Safari: No signal
Web Developers: Positive

Owner

andypaicu@chromium.org

Last updated on 2021-08-13