Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New guideline on fetch metadata request headers? #13

Open
torgo opened this issue Feb 24, 2025 · 1 comment
Open

New guideline on fetch metadata request headers? #13

torgo opened this issue Feb 24, 2025 · 1 comment
Assignees
@simoneonofri

Comments

@torgo
Copy link
Collaborator

torgo commented Feb 24, 2025

Something like:

Enforce Fetch Metadata Request Headers
Fetch Metadata is a set of security headers designed by the W3C Web Application Security Working Group to help protect web applications from cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and other cross-origin attacks. These headers allow servers to determine whether an incoming request originates from a trusted source or an untrusted cross-site context.

Find out more here: https://developer.mozilla.org/en-US/docs/Glossary/Fetch_metadata_request_header and here https://web.dev/articles/fetch-metadata
@torgo
Copy link
Collaborator Author

torgo commented Feb 24, 2025

side-note : this spec https://www.w3.org/TR/fetch-metadata/ is still listed as a draft even though it's been implemented in all browsers. We should probably encourage it to be published as a proper rec.

@torgo torgo changed the title New guideline on metadata request headers? New guideline on fetch metadata request headers? Feb 24, 2025
@simoneonofri simoneonofri self-assigned this Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simoneonofri simoneonofri

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@torgo @simoneonofri