You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
*[Incorporate navigation initiator into the HTTP cache partition key](#incorporate-navigation-initiator-into-the-http-cache-partition-key)
43
-
*[CSP `require-sri-for` for scripts](#csp-require-sri-for-for-scripts)
44
41
*[Create service worker client and inherit service worker controller for iframe with `srcdoc`](#create-service-worker-client-and-inherit-service-worker-controller-for-iframe-with-srcdoc)
45
42
*[Dispatching click events to captured pointer](#dispatching-click-events-to-captured-pointer)
46
43
*[Float16Array](#float16array)
@@ -193,16 +190,6 @@ The SVGAElement interface in SVG 2.0 allows manipulating SVG `<a>` elements simi
193
190
The Web Speech API is a web standard API that allows developers to incorporate speech recognition and synthesis into their web pages. Currently, the Web Speech API uses the user's default microphone as the audio input. MediaStreamTrack support allows websites to use the Web Speech API to caption other sources of audio including remote audio tracks.
194
191
195
192
196
-
<!-- ---------- -->
197
-
###### Blob URL Partitioning: Fetching/Navigation
198
-
199
-
Blob URL access is now partitioned by storage key. Storage keys are top-level sites, frame origins, and the has-cross-site-ancestor boolean. Top-level navigations remain partitioned only by frame origin. This behavior is similar to what's currently implemented by both Firefox and Safari, and aligns Blob URL usage with the partitioning scheme used by other storage APIs as part of Storage Partitioning.
200
-
201
-
In addition, Edge now enforce noopener on renderer-initiated top-level navigations to Blob URLs where the corresponding site is cross-site to the top-level site performing the navigation. This aligns with similar behavior in Safari and with the corresponding specifications.
202
-
203
-
This change can be temporarily reverted by setting the `PartitionedBlobUrlUsage` policy. If this policy is set to `Enabled` or not set, Blob URLs are partitioned. If this policy is set to `Disabled`, Blob URLs are not partitioned.
204
-
205
-
206
193
<!-- ---------- -->
207
194
###### Partitioning `:visited` links history
208
195
@@ -211,18 +198,6 @@ To eliminate user browsing history leaks, HTML `<a>` elements are now styled as
211
198
_Self-links_ are excluded from this: links to a site's own pages can be styled as `:visited` even if they have not been clicked on in this exact top-level site and frame origin before. This exemption is only enabled in top-level frames or subframes which are same-origin with the top-level frame.
212
199
213
200
214
-
<!-- ---------- -->
215
-
###### Incorporate navigation initiator into the HTTP cache partition key
216
-
217
-
The browser's HTTP cache keying scheme now includes an `is-cross-site-main-frame-navigation` boolean to mitigate cross-site leak attacks involving top-level navigation. This prevents cross-site attacks in which an attacker can initiate a top-level navigation to a given page and then navigate to a resource known to be loaded by the page in order to infer sensitive information via load timing. This change also improves privacy by preventing a malicious site from using navigations to infer whether a user has visited a given site previously.
218
-
219
-
220
-
<!-- ---------- -->
221
-
###### CSP `require-sri-for` for scripts
222
-
223
-
The `require-sri-for` directive, and its `script` value, give developers the ability to assert that every resource of a given type needs to be checked for integrity. If a resource of that type is attempted to be loaded without integrity metadata, that attempt will fail and trigger a CSP violation report.
224
-
225
-
226
201
<!-- ---------- -->
227
202
###### Create service worker client and inherit service worker controller for iframe with `srcdoc`
0 commit comments