COOP and COEP: Is there an advantage to enabling COOP / COEP if I don’t need to use the sharedArrayBuffer or other features?

COOP: cross origin opener policy
COEP: Cross origin embedder policy
Most of the articles on the web, related to COOP / COEP, point to the fact that by enabling COOP / COEP , your web page can use the sharedArrayBuffer and some other precis… Continue reading COOP and COEP: Is there an advantage to enabling COOP / COEP if I don’t need to use the sharedArrayBuffer or other features?

I have CSRF protection implemented server side, can I safely use `SameSite=None; Secure; HttpOnly`?

We have a web service where GET is always safe and all unsafe POST requests use single-use CSRF tokens. We have some cases where cross-origin domain would need to pass us POST request with data that should be used with currently active use… Continue reading I have CSRF protection implemented server side, can I safely use `SameSite=None; Secure; HttpOnly`?

SubtleCrypto with non-extractable keys stored in IndexedDB – Cross Origin Usage

In a browser I want to use SublteCrypto (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) to create a key pair and store it locally in the IndexedDB (https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API).
Storing th… Continue reading SubtleCrypto with non-extractable keys stored in IndexedDB – Cross Origin Usage