WebUI: set Cross Origin Opener Policy to same-origin

This separates browsing context for different origin sites and prevents leaking data from it. This header is only present when using built-in WebUI. Alternative WebUI is not affected. https://web.dev/why-coop-coep/#coop PR #19157.
2025-12-20 23:47:23 -06:00 · 2023-06-14 13:38:48 +08:00
parent 79ca2e145f
commit f6b58f36e2
2 changed files with 4 additions and 0 deletions
--- a/src/base/http/types.h
+++ b/src/base/http/types.h
@@ -47,6 +47,7 @@ namespace Http
    inline const QString HEADER_CONTENT_LENGTH = u"content-length"_qs;
    inline const QString HEADER_CONTENT_SECURITY_POLICY = u"content-security-policy"_qs;
    inline const QString HEADER_CONTENT_TYPE = u"content-type"_qs;
+    inline const QString HEADER_CROSS_ORIGIN_OPENER_POLICY  = u"cross-origin-opener-policy"_qs;
    inline const QString HEADER_DATE = u"date"_qs;
    inline const QString HEADER_HOST = u"host"_qs;
    inline const QString HEADER_ORIGIN = u"origin"_qs;