Cross-Origin Read Blocking (CORB)

Issue #17382911 • Assigned to Ali A.


Lukasz A.
May 4, 2018
This issue is public.
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Cross-origin read blocking, better known as CORB, is an algorithm by which dubious cross-origin resource fetches are identified and blocked before they reach a web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks.

More info:


0 attachments

    Comments and activity

    • FYI: I’m about to land the Fetch PR. It standardizes all the bits of CORB that can be implemented without sniffing the response. Tests can be found in fetch/corb in web-platform-tests.

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

      Changed Assigned To to “Arvind M.”

      Changed Assigned To from “Arvind M.” to “Ali A.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in