The Content-Security-Policy: sandbox allow-same-origin section has some ambiguity #40094

@thorrez

Description

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/sandbox

What specific section or headline is this issue about?

allow-same-origin

What information was incorrect, unhelpful, or incomplete?

It says

allow-same-origin
If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy (potentially preventing access to data storage/cookies and some JavaScript APIs).

3 suggestions:

directionality ambiguity

That's ambiguous. It could refer to 3 things:

  • requests made by this page to other pages fail the same-origin policy
  • requests made to this page by other pages fail the same-origin policy
  • both of the above

In reality, it's only the 1st bullet point that applies. The Content-Security-Policy: sandbox doesn't affect what happens when this page is requested by other pages.

requests

It mentions "data storage/cookies and some JavaScript APIs", but doesn't explicitly mention requests to other sites (fetch). I think it would be good to also mention that.

mention null

It doesn't mention that the Origin header will be null. I think it should mention that, and link to the Origin header page. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin

What did you expect to see?

see above

Do you have any supporting links, references, or citations?

No response

Do you have anything more you want to share?

No response
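As an added illustration of the two behaviours the report describes (a sandbox without allow-same-origin gives the document an opaque origin, and its cross-origin requests then carry Origin: null), here is example code that is not part of this issue or of the MDN page: a small parser that tells whether a Content-Security-Policy header value leaves the document with an opaque origin, and a server-side CORS decision that refuses to treat the literal string "null" as a trusted origin. The allowlist is a constructed value for the demo.

```python
from __future__ import annotations
from typing import Optional

def sandbox_tokens(csp: str) -> Optional[set[str]]:
    """Return the tokens of the sandbox directive in a Content-Security-Policy
    header value, or None if the header carries no sandbox directive.
    Directives are ';'-separated; the first whitespace-separated word is the
    directive name and the remaining words are its values."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "sandbox":
            return {t.lower() for t in parts[1:]}
    return None

def has_opaque_origin(csp: str) -> bool:
    """True when a document served with this header is sandboxed without
    allow-same-origin, i.e. it gets an opaque origin. Requests such a
    document makes to other origins fail the same-origin policy on the
    document's side and are sent with 'Origin: null'."""
    tokens = sandbox_tokens(csp)
    return tokens is not None and "allow-same-origin" not in tokens

# Constructed allowlist for the demo (hypothetical origin).
ALLOWED_ORIGINS = {"https://app.example"}

def cors_response_headers(origin_header: Optional[str]) -> dict[str, str]:
    """Decide the CORS response headers for a request from its Origin header.
    - No Origin header: same-origin or non-CORS request; emit nothing.
    - "null": an opaque origin (sandboxed frame, data: URL, ...). The
      literal string 'null' identifies nothing, since any sandboxed
      document presents it, so it is never allowlisted.
    - Otherwise: reflect only allowlisted origins, and add 'Vary: Origin'
      so a shared cache does not serve one origin's answer to another."""
    if origin_header is None or origin_header == "null":
        return {}
    if origin_header in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin_header, "Vary": "Origin"}
    return {}
```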

Labels: Content:HTTP, help wanted