Fixed #31840 -- Added support for Cross-Origin Opener Policy header.

Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
bankc 2020-08-26 12:09:19 -04:00 committed by Mariusz Felisiak
parent f6018c1e63
commit db5b75f10f
12 changed files with 175 additions and 5 deletions


@ -213,6 +213,19 @@ protect the privacy of your users, restricting under which circumstances the
``Referer`` header is set. See :ref:`the referrer policy section of the
security middleware reference <referrer-policy>` for details.
Cross-origin opener policy
==========================
.. versionadded:: 4.0
The cross-origin opener policy (COOP) header allows browsers to isolate a
top-level window from other documents by putting them in a different context
group so that they cannot directly interact with the top-level window. If a
document protected by COOP opens a cross-origin popup window, the popups
``window.opener`` property will be ``null``. COOP protects against cross-origin
attacks. See :ref:`the cross-origin opener policy section of the security
middleware reference <cross-origin-opener-policy>` for details.
Session security
================
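Review bot: In the new "Cross-origin opener policy" paragraph, "the popups ``window.opener`` property" is missing the possessive apostrophe and should read "the popup's ``window.opener`` property". The closing sentence "COOP protects against cross-origin attacks" is also too broad to tell a reader what the header actually buys them; the paragraph already says the isolation stops other documents from directly interacting with the top-level window, so I would restate the protection in those terms rather than as a general claim. Finally, the section never spells out the literal header name or which setting controls it, so a reader scanning this page has to follow the ``cross-origin-opener-policy`` reference to learn what to configure; consider naming both here.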