Add a noopener-allow-popups value to COOP #360
Labels
from: other
Proposed, edited, or co-edited by an individual or entity that doesn't have a more specific label.
position: support
topic: web apis
Spec relates to web APIs (entry points for script)
venue: WHATWG HTML Workstream
WebKittens
@annevk
Title of the spec
noopener-allow-popups value in COOP
URL to the spec
whatwg/html#10394
URL to the spec's repository
https://github.com/whatwg/html
Issue Tracker URL
whatwg/html#10373
Explainer URL
whatwg/html#10394 (comment)
TAG Design Review URL
w3ctag/design-reviews#964
Mozilla standards-positions issue URL
mozilla/standards-positions#1037
WebKit Bugzilla URL
https://bugs.webkit.org/show_bug.cgi?id=275147
Radar URL
rdar://129664445
Description
This proposal would enable a document to ensure it can't be scripted by other same-origin documents that have opened it.
Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application.
The noopener-allow-popups Cross-Origin-Opener-Policy value severs the opener relationship between the document loaded with this policy and its opener. At the same time, this document can open further documents (as the "allow-popups" in the name suggests) and maintain its opener relationship with them, assuming that their COOP policy allows it.
The text was updated successfully, but these errors were encountered: