Add a noopener-allow-popups value to COOP
#10394
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
annevk
reviewed
Jun 10, 2024
There was a problem hiding this comment.
Would like to hear what @camillelamy thinks as well, but I think one change I'd like to see is that we drop "cross-origin" from the internal naming scheme now that we make it apply to same-origin scenarios.
(We probably don't want to change any of the IDs though.)
It also seems to me some other algorithms need updating here:
- obtain a cross-origin opener policy
- check if COOP values require a browsing context group switch
annevk
added
addition/proposal
Would it make sense to spin off this editorial only change to a separate PR? (happy to work on it, just wondering RE editorial vs. functional split)
Oops, added!
I think this is covered by the change to matching COOP, but I could be I'm missing something.. |
|
@yoavweiss I think once we have agreement for this PR, that could be a separate PR as well (to be landed first). It would be a bit of extra work, but I agree that it would be nicer. |
yoavweiss
force-pushed
the
coop_noopener_allow_popups
branch
from
9aa933f
to
a743f59
Compare
yoavweiss
added a commit
to yoavweiss/WebKit
that referenced
this pull request
Jul 2, 2024
https://bugs.webkit.org/show_bug.cgi?id=275147 Reviewed by NOBODY (OOPS!). The `noopener-allow-popups` COOP value would enable a document to ensure it can't be scripted by other same-origin documents that have opened it. Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application. The noopener-allow-popups Cross-Origin-Opener-Policy value severs the opener relationship between the document loaded with this policy and its opener. At the same time, this document can open further documents (as the "allow-popups" in the name suggests) and maintain its opener relationship with them, assuming that their COOP policy allows it. This implements whatwg/html#10394 * LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js: (const.coopHeaders): A helper to create headers in a more succinct way. * LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https.html: Added. * LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/resources/noopener-helper.js: Added. (getExecutorPath): (const.test_noopener_opening_popup): The logic for the noopener tests. (async const): * LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https.html: Added. * Source/WebCore/loader/CrossOriginOpenerPolicy.cpp: (WebCore::crossOriginOpenerPolicyToString): Add the "noopener-allow-popups" string. (WebCore::crossOriginOpenerPolicyValueToEffectivePolicyString): Add the "noopener-allow-popups" string. (WebCore::matchingCOOP): Implement the related HTML algorithm. (WebCore::coopValuesRequireBrowsingContextGroupSwitch): Implement the switching logic related to noopener-allow-popups. (WebCore::obtainCrossOriginOpenerPolicy): Parse the "noopener-allow-popups" value. * Source/WebCore/loader/CrossOriginOpenerPolicy.h: Add the noopener-allow-popups enum value. * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Add the noopener-allow-popups enum value.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #10373
Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application.
In such cases, it can be beneficial for a document to ensure its opener cannot script it, even if the opener document is a same-origin one.
This PR adds a
noopener-allow-popupsCross-Origin-Opener-Policy value that severs the opener relationship between the document loaded with this policy and its opener. At the same time, this document can open further documents (as the "allow-popups" in the name suggests) and maintain its opener relationship with them, assuming that their COOP policy allows it.Explainer
(See WHATWG Working Mode: Changes for more details.)
/browsers.html ( diff )