Cross Origin Opener Policy
by mfoley from LinuxQuestions.org on (#6R1MN)
One of the security organizations we use has recommended implementing the Cross Origin Opener Policy header in our web pages (JSP). Problem #1 is that I haven't been able to find examples on doing this header. Is it a meta tag? A normal header?
Code:<meta name="Cross-Origin-Opener-Policy" ...>
or
<Cross-Origin-Opener-Policy ...>and how to I specify the attribute: unsafe-none, same-origin-allow-popups, same-origin?
One site gives an http example:
Code:Cross-Origin-Opener-Policy: same-origin-allow-popupsbut that looks incomplete as there is no tag. A standalone line of text like this generally does nothing and is simply displayed on the browser.
Finally, can someone give me or direct me to a human understandable description of what the attributes unsafe-none, same-origin-allow-popups and same-origin actually do?
Thanks
Code:<meta name="Cross-Origin-Opener-Policy" ...>
or
<Cross-Origin-Opener-Policy ...>and how to I specify the attribute: unsafe-none, same-origin-allow-popups, same-origin?
One site gives an http example:
Code:Cross-Origin-Opener-Policy: same-origin-allow-popupsbut that looks incomplete as there is no tag. A standalone line of text like this generally does nothing and is simply displayed on the browser.
Finally, can someone give me or direct me to a human understandable description of what the attributes unsafe-none, same-origin-allow-popups and same-origin actually do?
Thanks