Add references to From-Origin and Isolate-Me as potential opt-in mechanisms

Bug: 806996 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo Change-Id: I5ffa57b0a4231917e3d3a227cb986c8f5a5f3827 Reviewed-on: https://chromium-review.googlesource.com/996313Reviewed-by: Nick Carter <nick@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#548205}

Add references to From-Origin and Isolate-Me as potential opt-in mechanisms
Bug: 806996 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo Change-Id: I5ffa57b0a4231917e3d3a227cb986c8f5a5f3827 Reviewed-on: https://chromium-review.googlesource.com/996313Reviewed-by: Nick Carter <nick@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#548205}
cc72fae4 · Lukasz Anforowicz · Commit Bot · 236ec811 · cc72fae4
Commit cc72fae4 authored Apr 04, 2018 by Lukasz Anforowicz Committed by Commit Bot Apr 04, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

services/network/cross_origin_read_blocking_explainer.md services/network/cross_origin_read_blocking_explainer.md +3 -2

No files found.
--- a/services/network/cross_origin_read_blocking_explainer.md
+++ b/services/network/cross_origin_read_blocking_explainer.md
@@ -682,8 +682,9 @@ In the future CORB may be extended to protect additional resources as follows:
  This would make it possible to CORB-protect resources like
  images or JavaScript (including JSONP).
-> [lukasza@chromium.org] TODO: Is there an existing HTTP response header
+> [lukasza@chromium.org] Currently considered CORB opt-in signals include:
-> that may be used in this context?
+> - `From-Origin:` header - https://github.com/whatwg/fetch/issues/687
+> - `Isolate-Me` header - https://github.com/WICG/isolation
 ## Appendix: Early attempt to codify CORB algorithm