author: bankc <bankc@google.com> 2020-08-26 12:09:19 -0400
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2021-03-30 19:59:24 +0200
commit: db5b75f10fe211af9fab9094f937436760db8488 (patch)
tree: 8a1ba3eb35bc2e16b68b2bbb195881774a8abbc2 /docs/topics/security.txt
parent: f6018c1e63a04e0c12e2ca759e76e05ccf5e09de (diff)
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
Diffstat (limited to 'docs/topics/security.txt')
-rw-r--r-- docs/topics/security.txt 13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index fe692cad2a..5d60805a26 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -213,6 +213,19 @@ protect the privacy of your users, restricting under which circumstances the
``Referer`` header is set. See :ref:`the referrer policy section of the
security middleware reference <referrer-policy>` for details.
+Cross-origin opener policy
+==========================
+
+.. versionadded:: 4.0
+
+The cross-origin opener policy (COOP) header allows browsers to isolate a
+top-level window from other documents by putting them in a different context
+group so that they cannot directly interact with the top-level window. If a
+document protected by COOP opens a cross-origin popup window, the popup’s
+``window.opener`` property will be ``null``. COOP protects against cross-origin
+attacks. See :ref:`the cross-origin opener policy section of the security
+middleware reference <cross-origin-opener-policy>` for details.
+
Session security
================
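
Review bot: The closing claim in the added paragraph, "COOP protects against cross-origin attacks", is too broad to tell a reader what the header actually buys them. Suggest naming the property instead, for example that a cross-origin document can no longer hold a reference to the protected window. The ``window.opener`` sentence is also stated unconditionally, although the isolation a browser applies depends on the policy value that is sent, so it would help to say which value the description assumes or to defer that detail explicitly to the middleware reference. Minor: "popup’s" uses a typographic apostrophe; a plain ASCII ' is safer in the .txt source.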