Navigation Isolation Policy
November 30, 2020
Navigation Isolation Policy is a server-side protection mechanism intended to mitigate CSRF, clickjacking, reflected XSS, and XS-Leaks that make use of cross-site window contexts. This is a strict policy and has the potential to break an application since it blocks all cross-site navigations, including navigations through hyperlinks.
tip
Instead of rejecting all cross-site interactions, the user could be prompted to confirm the action, e.g. "Confirm that you visited this page from a trusted origin", to mitigate the risk of attacks in the background and, at the same time, help prevent unintended breakage of an application.
Implementation with Fetch Metadata
The snippet below shows an example implementation of the Navigation Isolation Policy using Fetch Metadata headers [1]:
```python
# Reject cross-site requests to protect from clickjacking, XS-Leaks, and other bugs

# Endpoints meant to be navigated to from other sites, e.g. the homepage (example values)
whitelisted_paths = {'/', '/index.html'}

def allow_request(req):
    headers = req['headers']
    # Allow any request that is not cross-site: same-origin, same-site, browser-initiated
    # ("none"), or sent by a browser that does not support Fetch Metadata (header absent)
    if headers.get('sec-fetch-site') != 'cross-site':
        return True
    # Allow requests to endpoints meant to be navigated to, e.g. homepage
    if req['path'] in whitelisted_paths:
        return True
    # Block all top-level cross-site navigations, including embeds
    # ('nested-navigate' dates from an early Fetch Metadata draft; current browsers send
    # 'navigate' for framed documents as well and signal the embed via Sec-Fetch-Dest)
    if headers.get('sec-fetch-mode') in ('navigate', 'nested-navigate'):
        return False
    # Allow all other requests
    return True
```
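As an added example that is not part of the wiki page, the variant suggested in the tip above: cross-site top-level navigations are routed to a confirmation step instead of being refused outright, while cross-site embeds, which the user never sees and so cannot confirm, are still blocked; Sec-Fetch-Dest tells the two apart, and requests carrying no Fetch Metadata at all are treated as unclassifiable. The path allowlist, the sample requests and the allow/block/confirm labels are constructed for this example.

```python
from typing import Dict, List, Tuple

ALLOW, BLOCK, CONFIRM = "allow", "block", "confirm"

# Constructed allowlist of endpoints that may be navigated to from any site.
PUBLIC_PATHS = {"/", "/index.html", "/login"}

# Sec-Fetch-Dest values meaning the response would render inside another
# document, i.e. a cross-site embed rather than a top-level navigation.
EMBED_DESTS = {"iframe", "frame", "embed", "object"}


def decide(path: str, headers: Dict[str, str]) -> str:
    """Classify one request as ALLOW, BLOCK or CONFIRM (header names lower-cased)."""
    site = headers.get("sec-fetch-site")
    if site is None:
        # No Fetch Metadata (older browser): the policy cannot classify the
        # request, so it is allowed rather than breaking those clients.
        return ALLOW
    if site != "cross-site":
        return ALLOW  # same-origin, same-site, or "none" (user-typed URL, bookmark)
    if path in PUBLIC_PATHS:
        return ALLOW
    mode = headers.get("sec-fetch-mode")
    if mode == "navigate" and headers.get("sec-fetch-dest") in EMBED_DESTS:
        return BLOCK  # cross-site framing: there is no user present to confirm it
    if mode == "navigate":
        return CONFIRM  # top-level cross-site link or form: show the confirmation page
    return ALLOW  # cors/no-cors subresource loads are outside this policy's scope


# Constructed sample traffic: (path, Fetch Metadata headers as a browser would send them).
SAMPLE_REQUESTS: List[Tuple[str, Dict[str, str]]] = [
    ("/account", {"sec-fetch-site": "same-origin", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document"}),
    ("/account", {"sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document"}),
    ("/account", {"sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "iframe"}),
    ("/", {"sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document"}),
    ("/api/data", {"sec-fetch-site": "cross-site", "sec-fetch-mode": "cors", "sec-fetch-dest": "empty"}),
    ("/account", {}),  # legacy browser, no Fetch Metadata at all
]


def run_policy(requests=SAMPLE_REQUESTS) -> List[str]:
    """Apply the policy to each request and return the decisions in order."""
    return [decide(path, headers) for path, headers in requests]


if __name__ == "__main__":
    for (path, headers), verdict in zip(SAMPLE_REQUESTS, run_policy()):
        print(f"{verdict:8} {path:12} {headers.get('sec-fetch-site', '<no fetch metadata>')}")
```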