Adding documentation for FM and COOP/COEP #1
* Fetch Metadata docs
* Added explanations of FM and COOP/COEP
* Add docs for COOP and COEP
* Update source/security/index.md
  Co-authored-by: Sal <salchoman@gmail.com>
* Update source/security/index.md
  Co-authored-by: Sal <salchoman@gmail.com>
* Removed extra white space
* Update source/core-developers/fetch-metadata-interceptor.md
  Co-authored-by: Sal <salchoman@gmail.com>
* Update source/core-developers/fetch-metadata-interceptor.md
  Co-authored-by: Sal <salchoman@gmail.com>
* Update source/core-developers/fetch-metadata-interceptor.md
  Co-authored-by: Sal <salchoman@gmail.com>
* Update source/core-developers/fetch-metadata-interceptor.md
  Co-authored-by: Sal <salchoman@gmail.com>
* Fixes based on PR comments

Co-authored-by: Giannis Chatziveroglou <gchatz@mit.edu>
Co-authored-by: Sal <salchoman@gmail.com>
In general: `exemptedPaths` is a parameter that does exact string matching against the path associated with URL requests. That means that the parameter should only receive relative paths with a trailing slash. All parameters have default values, so instead of saying 'this parameter has no default value' we must say 'the default set of exempted paths is empty'. This applies for all the files in this PR.
Additionally, there seems to be a confusion between Fetch Metadata and Resource Isolation Policies. Fetch Metadata specifies what the Sec-Fetch-* headers are and what they mean. Resource Isolation Policies read those headers and take actions depending on their values. This means we should never say "here's how to implement Fetch Metadata" (because only browsers implement that), instead we should say "here's how you can implement a resource isolation policy based on Fetch Metadata headers".
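An added illustration of the two points in the review comment above, not code from this PR or from the project it documents: a framework-agnostic resource isolation policy that reads the `Sec-Fetch-*` request headers the browser sends and treats the exempted paths as exact string matches. The function name, constants and sample URLs are hypothetical; the allow rules follow the commonly published Fetch Metadata resource isolation policy.

```python
from urllib.parse import urlsplit

# Assumption for this example: the default set of exempted paths is empty.
DEFAULT_EXEMPTED_PATHS = frozenset()

# Sec-Fetch-Site values that are not cross-site ("none" = user-initiated,
# e.g. typed URL or bookmark).
ALLOWED_SITES = frozenset({"same-origin", "same-site", "none"})


def is_request_allowed(method, url, headers,
                       exempted_paths=DEFAULT_EXEMPTED_PATHS):
    """Return True if the request passes the resource isolation policy."""
    # HTTP header names are case-insensitive.
    h = {name.lower(): value for name, value in headers.items()}
    path = urlsplit(url).path  # query string and fragment are ignored

    # Exact string match only: no prefix matching, no globbing and no
    # trailing-slash normalisation, so "/transfer/" does not cover
    # "/transfer" or "/transfer/confirm".
    if path in exempted_paths:
        return True

    site = h.get("sec-fetch-site")
    # Browsers without Fetch Metadata support send no Sec-Fetch-* headers;
    # rejecting them would break those clients, so the policy lets them through.
    if site is None:
        return True
    if site in ALLOWED_SITES:
        return True

    # Cross-site from here on: allow only simple top-level navigations
    # (a link click), never plugin or embed loads.
    if (h.get("sec-fetch-mode") == "navigate"
            and method.upper() == "GET"
            and h.get("sec-fetch-dest") not in ("object", "embed")):
        return True

    # Everything else is a cross-site subresource or state-changing request.
    return False


# Constructed sample: a cross-site POST, as a forged form submission would send.
CROSS_SITE_POST = {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "cors",
                   "Sec-Fetch-Dest": "empty"}

if __name__ == "__main__":
    url = "https://app.example/transfer/?amount=10"
    print(is_request_allowed("POST", url, CROSS_SITE_POST))                   # rejected
    print(is_request_allowed("POST", url, CROSS_SITE_POST, {"/transfer/"}))   # exempted
```

Exempting a path switches the policy off for that endpoint, so anything listed there needs its own cross-site protection.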
Thanks Sal!
almost there!
Co-authored-by: Sal <salchoman@gmail.com>
LGTM! 🥇
Moving our changes to your repo so you can later submit a PR upstream!