safeweb: Set Cross-Origin-Opener-Policy for browser requests (#15936) - tailscale - The easiest, most secure way to use WireGuard and 2FA

diff options

author	Patrick O'Doherty <patrick@tailscale.com>	2025-05-09 13:44:36 -0700
committer	GitHub <noreply@github.com>	2025-05-09 13:44:36 -0700
commit	3177e50b1402052bca4fd2cfb69279bd82380f73 (patch)
tree	65f62058126276ce37594c439d07ab1d438ddd36 /control/controlhttp/controlhttpserver/controlhttpserver.go
parent	3c98964065c8079382cd0803a889fcce76063b24 (diff)
download	tailscale-3177e50b1402052bca4fd2cfb69279bd82380f73.tar.xz tailscale-3177e50b1402052bca4fd2cfb69279bd82380f73.zip

safeweb: Set Cross-Origin-Opener-Policy for browser requests (#15936)

Set Cross-Origin-Opener-Policy: same-origin for all browser requests to prevent window.location manipulation by malicious origins. Updates tailscale/corp#28480 Thank you to Triet H.M. Pham for the report. Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>

Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: