FEP-fe34 origin-based security model
Implements comprehensive origin-based security checks following FEP-fe34 specification to prevent content spoofing attacks and maintain secure federation practices. Key changes: - Add crossOrigin option to property accessors and lookupObject() with three modes: "ignore" (default), "throw", and "trust" - Implement trust tracking system for embedded objects using trust sets - Add origin validation for object @id vs document URL in lookupObject() - Add origin validation for property objects vs their parent object - Update documentation with security model explanations and examples - Add comprehensive tests for all cross-origin scenarios This replaces the previous FEP-c7d3 ownership model with the more robust origin-based approach, ensuring objects and their properties respect origin boundaries to prevent malicious content spoofing. See also http://w3id.org/fep/fe34 Fixes https://github.com/fedify-dev/fedify/issues/440 Co-Authored-By:Claude <noreply@anthropic.com>
Loading
Please register or sign in to comment