WHATWG
2024-05-24
plaintext logs
prev next
source on github
02:58
<Domenic>
Luke Warlow: Thanks as always for the great PRs. FYI bugfixes are not counted as "editorial". (Same for adding new features, like all the DOM parsing work you've been doing).
09:09
<css5>

Hello there,

I'm wondering if there is a solution to prevent js/css/images/... to be loaded on other domains. I found this referer solution (https://stackoverflow.com/a/21133555), but is there also another way (which is compatible with Referrer-Policy: no-referrer)? I was hoping to find like X-Frame-Options, where you can limit iframes to same origin.
Reason I ask is because I have a multi-domain website and a "only allow css/js/img on same origin"-solution would be nice. Couldn't find something like this in the spec, or am I missing something?

Thanks!

09:22
<annevk>
css5: Cross-Origin-Resource-Policy: same-origin should do the trick.
09:25
<css5>
Exactly what I was looking for, thanks a lot!