With my recent version of FF, I can see that window.self.crossOriginIsolated is now true, indicating that the COEP is in effect. But what is COEP? To oversimplify: what CORS should have been.
re: Permissions-Policy, they all default to self (iframes can't use those APIs), but better safe than sorry. If first-party JS actually needs one, its line can be commented out.
With my recent version of FF, I can see that
window.self.crossOriginIsolated
is nowtrue
, indicating that the COEP is in effect. But what is COEP? To oversimplify: what CORS should have been.re:
Permissions-Policy
, they all default toself
(iframes can't use those APIs), but better safe than sorry. If first-party JS actually needs one, its line can be commented out.