[wp-trac] [WordPress Trac] #54474: Add cross-origin-resource-policy: cross-origin header to WordPress shared resources to allow COOP and COEP
WordPress Trac
noreply at wordpress.org
Tue Jun 7 08:30:24 UTC 2022
#54474: Add cross-origin-resource-policy: cross-origin header to WordPress shared
resources to allow COOP and COEP
-----------------------------+------------------------------
Reporter: RogierLankhorst | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by RogierLankhorst):
When I submitted this ticked, I wrongfully understood this header to
improve security. I have now concluded that the COEP, COOP and CORP header
do not actually improve security, but are a way to achieve Cross Origin
Isolation. This is required if an application uses javascript code that
leverages certain functions like sharedArrayBuffer,
performance.measureMemory, and similar functions which were disabled to
prevent Spectre side channel attacks.
I don't expect there to be a use case for this with in WordPress however.
So in my opinion the ticket can be closed again.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54474#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list