Add a noopener-allow-popups value to COOP #360

Closed
yoavweiss opened this issue Jun 5, 2024 · 3 comments
Labels
from: other - Proposed, edited, or co-edited by an individual or entity that doesn't have a more specific label.
position: support
topic: web apis - Spec relates to web APIs (entry points for script)
venue: WHATWG HTML Workstream

yoavweiss commented Jun 5, 2024

WebKittens

@annevk

Title of the spec

noopener-allow-popups value in COOP

URL to the spec

whatwg/html#10394

URL to the spec's repository

https://github.com/whatwg/html

Issue Tracker URL

whatwg/html#10373

Explainer URL

whatwg/html#10394 (comment)

TAG Design Review URL

w3ctag/design-reviews#964

Mozilla standards-positions issue URL

mozilla/standards-positions#1037

WebKit Bugzilla URL

https://bugs.webkit.org/show_bug.cgi?id=275147

Radar URL

rdar://129664445

Description

This proposal would enable a document to ensure it can't be scripted by other same-origin documents that have opened it.

Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application.

The noopener-allow-popups Cross-Origin-Opener-Policy value severs the opener relationship between the document loaded with this policy and its opener. At the same time, this document can open further documents (as the "allow-popups" in the name suggests) and maintain its opener relationship with them, assuming that their COOP policy allows it.
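
A simplified model of the opener decision described above, added here as an example and not taken from the issue, the spec PR, or any browser's code. It covers only a popup's first navigation; the function names, the `example.test` origin and the three sample applications are constructed, and the handling of the pre-existing COOP values is the example's own summary of how they behave.

```javascript
// Added illustration: simplified model of whether a newly opened popup keeps
// its opener on its first navigation. Names are hypothetical, not spec code.
const VALUES = new Set([
  "unsafe-none", "same-origin-allow-popups",
  "same-origin", "noopener-allow-popups",
]);

// Two policies "match" when both are unsafe-none, or when they are the same
// restrictive value on the same origin.
function coopMatches(a, originA, b, originB) {
  if (a === "unsafe-none" && b === "unsafe-none") return true;
  if (a === "unsafe-none" || b === "unsafe-none") return false;
  return a === b && originA === originB;
}

// opener and popup are { origin: string, coop: string }.
function openerIsSevered(opener, popup) {
  for (const doc of [opener, popup]) {
    if (!VALUES.has(doc.coop)) throw new Error(`unknown COOP value: ${doc.coop}`);
  }
  // The new value always cuts the link to whoever opened the document,
  // same-origin openers included.
  if (popup.coop === "noopener-allow-popups") return true;
  // The "allow-popups" half: an opener with an *-allow-popups policy keeps
  // its link to popups that set no policy of their own.
  const allowsPopups =
    opener.coop === "same-origin-allow-popups" ||
    opener.coop === "noopener-allow-popups";
  if (allowsPopups && popup.coop === "unsafe-none") return false;
  return !coopMatches(opener.coop, opener.origin, popup.coop, popup.origin);
}

// Constructed sample: applications with different needs sharing one origin.
const ORIGIN = "https://example.test";
const blog = { origin: ORIGIN, coop: "unsafe-none" };
const admin = { origin: ORIGIN, coop: "noopener-allow-popups" };
const help = { origin: ORIGIN, coop: "unsafe-none" };

console.log("blog opens admin, severed:", openerIsSevered(blog, admin));
console.log("admin opens help, severed:", openerIsSevered(admin, help));
```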

annevk commented Jun 17, 2024

This seems reasonable. I suggest we mark this as "position: support" one week from now. I know @smaug---- has given some input on disliking the proposed name, but I'm not really sure what would be a better fit.

@smaug----

FWIW, I'm mostly concerned that the noopener part seems to be a rather distinct feature. Coupling that with COOP feels weird.

@yoavweiss

This was discussed at the June 20th WHATNOT call.

annevk closed this as completed on Aug 20, 2024
annevk added the "from: other" label on Oct 7, 2024