[wp-trac] [WordPress Trac] #54474: Add cross-origin-resource-policy: cross-origin header to WordPress shared resources to allow COOP and COEP
WordPress Trac
noreply at wordpress.org
Fri Nov 19 12:47:16 UTC 2021
#54474: Add cross-origin-resource-policy: cross-origin header to WordPress shared
resources to allow COOP and COEP
-----------------------------+-----------------------------
Reporter: RogierLankhorst | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
There are some new headers, COOP and COEP, which can only be used if the
resources the website uses send the header
{{{
cross-origin-resource-policy: cross-origin
}}}
Currently, setting COEP to
{{{
Cross-Origin-Embedder-Policy: require-corp
}}}
On WordPress website will (among others) break thumbnails from the
WordPress plugin repository, gravatar, etc.
Applying this simple header to each WordPress resource that is used
embedded in WordPress installations will greatly improve security options
for end-users.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54474>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list