Navigation Isolation Policy
November 30, 2020
Navigation Isolation Policy is a server-side protection mechanism intended to mitigate CSRF, clickjacking, reflected XSS, and XS-Leaks that make use of cross-site window contexts. This is a strict policy and has the potential to break an application since it blocks all cross-site navigations, including navigations through hyperlinks.
Tip: Instead of rejecting all cross-site interactions, the user could be prompted to confirm the action, e.g. "Confirm that you visited this page from a trusted origin", to mitigate the risk of attacks in the background and, at the same time, help prevent unintended breakages of an application.
Implementation with Fetch Metadata
```python
# Reject cross-site requests to protect from clickjacking, XS-Leaks, and other bugs

# Endpoints that are legitimately reached from other sites, e.g. the homepage
whitelisted_paths = {'/'}

def allow_request(req):
    # `req` is a mapping with 'path' and a 'headers' dict (lower-case header names)
    headers = req['headers']

    # Allow any request that is not cross-site. Browsers without Fetch Metadata
    # support send no Sec-Fetch-* headers, so a missing header is treated as not
    # cross-site rather than raising and breaking the request.
    if headers.get('sec-fetch-site') != 'cross-site':
        return True

    # Allow requests to endpoints meant to be navigated to, e.g. homepage
    if req['path'] in whitelisted_paths:
        return True

    # Block all top-level cross-site navigations, including embeds (iframes)
    if headers.get('sec-fetch-mode') in ('navigate', 'nested-navigate'):
        return False

    # Allow all other requests
    return True
```
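The following is an added example, not code from the XS-Leaks wiki, that carries the policy above through to a response and implements the confirmation variant from the tip. It normalises header names (HTTP header names are case-insensitive), fails open for browsers that send no Fetch Metadata, and returns a confirmation interstitial only for cross-site top-level GET navigations: cross-site embeds (`nested-navigate`) stay blocked, because a confirmation page that could be framed would itself be a clickjacking target, and state-changing methods stay blocked too. The entry-point list `ALLOWED_ENTRY_PATHS`, the `decide`/`handle` functions and the sample requests are all constructed for this example.

```python
from typing import Dict, Tuple

# Hypothetical cross-site entry points of the application (not from the page).
ALLOWED_ENTRY_PATHS = {"/", "/login", "/about"}

# Sec-Fetch-Mode values that load a document: top-level navigations and embeds.
NAVIGATION_MODES = {"navigate", "nested-navigate"}


def decide(method: str, path: str, headers: Dict[str, str]) -> str:
    """Classify one request as 'allow', 'block' or 'confirm' under the policy."""
    # Normalise names and values: header names are case-insensitive.
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    mode = h.get("sec-fetch-mode")

    # No Fetch Metadata at all: a browser that predates the headers. The policy
    # cannot classify the request, so it fails open instead of breaking the site.
    if site is None:
        return "allow"

    # same-origin, same-site and none (e.g. bookmark, typed URL) are not cross-site.
    if site != "cross-site":
        return "allow"

    # Cross-site navigations to designated entry points are expected traffic.
    if path in ALLOWED_ENTRY_PATHS:
        return "allow"

    if mode in NAVIGATION_MODES:
        # Tip variant: a cross-site top-level GET navigation gets a confirmation
        # page rather than a refusal. The "proceed" form on that page submits
        # same-origin, so the follow-up request passes the first check above.
        if mode == "navigate" and method.upper() == "GET":
            return "confirm"
        # Embeds (nested-navigate) and non-GET navigations such as cross-site
        # form posts are refused outright.
        return "block"

    # Remaining cross-site requests (modes cors, no-cors, same-origin: fetch/XHR,
    # image or script loads) are allowed by this policy, as on the page; they are
    # the concern of a separate resource isolation policy, not of navigation isolation.
    return "allow"


def handle(method: str, path: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Map the decision to a constructed HTTP status and body."""
    decision = decide(method, path, headers)
    if decision == "allow":
        return 200, "OK"
    if decision == "confirm":
        return 200, "Confirm that you visited this page from a trusted origin."
    return 403, "Cross-site navigation blocked"


if __name__ == "__main__":
    # Constructed sample requests, one per branch of the policy.
    samples = [
        ("GET", "/account", {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "navigate"}),
        ("GET", "/account", {}),  # legacy browser, no Fetch Metadata
        ("GET", "/", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate"}),
        ("GET", "/account", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate"}),
        ("POST", "/transfer", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate"}),
        ("GET", "/account", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "nested-navigate"}),
        ("GET", "/api/data", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "cors"}),
    ]
    for method, path, hdrs in samples:
        status, body = handle(method, path, hdrs)
        print(f"{method} {path} {hdrs or '(no Sec-Fetch headers)'} -> {status} {body}")
```

Place `decide` in front of every route handler (a middleware), not only on pages known to be sensitive; the point of the policy is that an endpoint added later is covered by default. Keep `ALLOWED_ENTRY_PATHS` short and reviewed, since each entry re-opens cross-site navigation to that path.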