add missing headers

hyperium · Oct 14, 2024 · 1da5436 · 1da5436
1 parent 8b74d71
commit 1da5436
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 0 deletions.
diff --git a/benches/src/header_map/basic.rs b/benches/src/header_map/basic.rs
@@ -549,6 +549,9 @@ const STD: &'static [HeaderName] = &[
     CONTENT_SECURITY_POLICY_REPORT_ONLY,
     CONTENT_TYPE,
     COOKIE,
+    CROSS_ORIGIN_EMBEDDER_POLICY,
+    CROSS_ORIGIN_OPENER_POLICY,
+    CROSS_ORIGIN_RESOURCE_POLICY,
     DNT,
     DATE,
     ETAG,

diff --git a/src/header/mod.rs b/src/header/mod.rs
@@ -116,6 +116,9 @@ pub use self::name::{
     CONTENT_SECURITY_POLICY_REPORT_ONLY,
     CONTENT_TYPE,
     COOKIE,
+    CROSS_ORIGIN_EMBEDDER_POLICY,
+    CROSS_ORIGIN_OPENER_POLICY,
+    CROSS_ORIGIN_RESOURCE_POLICY,
     DNT,
     DATE,
     ETAG,

diff --git a/src/header/name.rs b/src/header/name.rs
@@ -476,6 +476,34 @@ standard_headers! {
     /// the browser are set to block them, for example.
     (Cookie, COOKIE, b"cookie");
 
+    /// The HTTP Cross-Origin-Embedder-Policy (COEP) response header configures
+    /// embedding cross-origin resources into the document.
+    ///
+    /// You can only access certain features like SharedArrayBuffer objects or
+    /// Performance.now() with unthrottled timers, if your document has a COEP
+    /// header with a value of require-corp or credentialless set.
+    (CrossOriginEmbedderPolicy,CROSS_ORIGIN_EMBEDDER_POLICY,b"cross-origin-embedder-policy");
+
+    /// The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you
+    /// to ensure a top-level document does not share a browsing context group
+    /// with cross-origin documents.
+    ///
+    /// COOP will process-isolate your document and potential attackers can't
+    /// access your global object if they were to open it in a popup,
+    /// preventing a set of cross-origin attacks dubbed XS-Leaks.
+    ///
+    /// If a cross-origin document with COOP is opened in a new window, the
+    /// opening document will not have a reference to it, and the
+    /// window.opener property of the new window will be null. This allows
+    /// you to have more control over references to a window than
+    /// rel=noopener, which only affects outgoing navigations.
+    (CrossOriginOpenerPolicy,CROSS_ORIGIN_OPENER_POLICY,b"cross-origin-opener-policy");
+
+    /// The HTTP Cross-Origin-Resource-Policy response header conveys a
+    /// desire that the browser blocks no-cors cross-origin/cross-site
+    /// requests to the given resource.
+    (CrossOriginResourcePolicy,CROSS_ORIGIN_RESOURCE_POLICY,b"cross-origin-resource-policy");
+
     /// Indicates the client's tracking preference.
     ///
     /// This header lets users indicate whether they would prefer privacy rather

diff --git a/tests/header_map.rs b/tests/header_map.rs
@@ -359,6 +359,9 @@ const STD: &'static [HeaderName] = &[
     CONTENT_SECURITY_POLICY_REPORT_ONLY,
     CONTENT_TYPE,
     COOKIE,
+    CROSS_ORIGIN_EMBEDDER_POLICY,
+    CROSS_ORIGIN_OPENER_POLICY,
+    CROSS_ORIGIN_RESOURCE_POLICY,
     DNT,
     DATE,
     ETAG,

diff --git a/tests/header_map_fuzz.rs b/tests/header_map_fuzz.rs
@@ -285,6 +285,9 @@ fn gen_header_name(g: &mut StdRng) -> HeaderName {
         header::CONTENT_SECURITY_POLICY_REPORT_ONLY,
         header::CONTENT_TYPE,
         header::COOKIE,
+        header::CROSS_ORIGIN_EMBEDDER_POLICY,
+        header::CROSS_ORIGIN_OPENER_POLICY,
+        header::CROSS_ORIGIN_RESOURCE_POLICY,
         header::DNT,
         header::DATE,
         header::ETAG,

diff --git a/util/src/main.rs b/util/src/main.rs
@@ -407,6 +407,40 @@ standard_headers! {
     "#,
     "cookie";
 
+    r#"
+    /// The HTTP Cross-Origin-Embedder-Policy (COEP) response header configures
+    /// embedding cross-origin resources into the document.
+    /// 
+    /// You can only access certain features like SharedArrayBuffer objects or 
+    /// Performance.now() with unthrottled timers, if your document has a COEP 
+    /// header with a value of require-corp or credentialless set.
+    "#,
+    "cross-origin-embedder-policy";
+
+    r#"
+    /// The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you 
+    /// to ensure a top-level document does not share a browsing context group
+    /// with cross-origin documents.
+    ///
+    /// COOP will process-isolate your document and potential attackers can't
+    /// access your global object if they were to open it in a popup, 
+    /// preventing a set of cross-origin attacks dubbed XS-Leaks.
+    ///
+    /// If a cross-origin document with COOP is opened in a new window, the
+    /// opening document will not have a reference to it, and the
+    /// window.opener property of the new window will be null. This allows
+    /// you to have more control over references to a window than
+    /// rel=noopener, which only affects outgoing navigations.
+    "#,
+    "cross-origin-opener-policy";
+
+    r#"
+    /// The HTTP Cross-Origin-Resource-Policy response header conveys a
+    /// desire that the browser blocks no-cors cross-origin/cross-site
+    /// requests to the given resource.
+    "#,
+    "cross-origin-resource-policy";
+
     r#"
     /// Indicates the client's tracking preference.
     ///