Mike West
> I'm not familiar with COEP, but would `Cross-Origin-Embedder-Policy: require-corp` make sure that there's no cross-site frames or a portal?

It would require cross-origin frames to opt-into being embedded, by...

> IIUC, sending `Cross-Origin-Resource-Policy: cross-origin` would allow cross-site frames to be embedded?

Yes. The frame can opt-in to being embedded. As I said above, it still has substantial impact, as...

Closing this out, as `[CrossOriginIsolated]` either deals with this or doesn't, but either way should be dealt with elsewhere. :)
I doubt anyone thinks COOP/COEP is the "best possible" solution for much of anything. :) I also didn't want to get too off-topic in that other thread, but was also...
Archiving this repo, closing this out in favor of the bugs you filed (that we unfortunately didn't make much progress on).
Hey, Yoav! I think it's important that we give developers a solid understanding of the performance characteristics of their sites; that's good for users! Still, when doing so we need...
Hey Yoav! I'm archiving this repo. I think some of the questions here were dealt with via `[CrossOriginIsolated]` and/or https://www.w3.org/TR/post-spectre-webdev/? There are probably some left, but filing them elsewhere would...
I agree with you that this is a risk of signature-based mechanisms that doesn't exist with content-based mechanisms like hashes. It sounds like you'd suggest including more data in the...
We talked about this a little bit at lunch, and I like the idea of allowing signatures and digests to be used side-by-side. That would be a mechanism for addressing...
@adrianhopebailie: Thanks for the pointer! Skimming quickly through that document, it seems to be addressing a larger set of problems than we actually need for this use case. That said,...