From 36eabcd45ed8f8bea4dce32aa1b3456643071a4b Mon Sep 17 00:00:00 2001 From: Pedro Bernardo Date: Mon, 14 Apr 2025 16:36:42 +0200 Subject: [PATCH] Remove NIP as a CORP XS-Leak mitigation Here [1] is stated that "CORP does not protect against navigational requests.". If this is the case, the presence of a NIP would not impact CORP-based XS-leaks since it is not possible to distinguish navigational requests based on interactions with the CORP. [1] - [https://xsleaks.dev/docs/defenses/opt-in/corp/](https://xsleaks.dev/docs/defenses/opt-in/corp/) --- content/docs/attacks/browser-features/corp.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/docs/attacks/browser-features/corp.md b/content/docs/attacks/browser-features/corp.md index 16fca0f79..8944ab1eb 100644 --- a/content/docs/attacks/browser-features/corp.md +++ b/content/docs/attacks/browser-features/corp.md @@ -26,6 +26,4 @@ An application can avoid this XS-Leak if it guarantees `CORP` is deployed in all | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | -| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | - -🔗 – Defense mechanisms must be combined to be effective against different scenarios. +| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) |