What is the "OOR-CORS"?

169 views

Skip to first unread message

Deliaz

unread,

May 7, 2019, 6:16:04 AM5/7/19

to Chromium-discuss

I was reading about CORB and the latest changes in the Chromium project security and met abbreviation "OOR-CORS". I know what is CORS originally, but what is that "OOR-" about?

Some links, where I found that:

https://www.chromestatus.com/feature/6247959677108224

https://bugs.chromium.org/p/chromium/issues/detail?id=736308

https://bugs.chromium.org/p/chromium/issues/list?q=label:OOR-CORS

https://groups.google.com/a/chromium.org/forum/#!msg/chromium-reviews/T6W4c5IFELM/4J9pA7-3AQAJ

PhistucK

unread,

May 8, 2019, 7:07:33 AM5/8/19

to d3l...@gmail.com, Chromium-discuss

I believe it is "Out Of Renderer".

Historically, the renderer was in charge of CORS handling/management (either partially or fully). Since this could be insecure, as a renderer process can be compromised within itself (much more than the browser, thanks to the sandbox feature), CORS handling/management is being re-implemented in the browser process (or in the network service perhaps). This will allow two things, I think -

1. sendBeacon/fetch-with-keepAlive with CORS support.

2. CORS support for content script fetches.

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

Reply all

Reply to author

Forward

0 new messages