Contact [email protected] Explainerhttps://github.com/hemeryar/coi-with-popups
Specificationhttps://github.com/whatwg/html/issues/6364 Summary Cross-Origin-Opener-Policy is used to sever the relationship between popup and openers, to increase security. "restrict-properties" is a proposed value that restricts the relationship instead of completely severing it. It would enable crossOriginIsolated when paired with COEP. Blink componentBlink>SecurityFeature>COOP <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECOOP> Search tagsCOOP <https://chromestatus.com/features#tags:COOP>, restrict-properties <https://chromestatus.com/features#tags:restrict-properties> Risks Interoperability and Compatibility It could fail to become an interoperable part of the web platform if other browsers do not implement it. The OT is intended to gather user feedback to get support from Mozilla. *Gecko*: No signal *WebKit*: No signal *Web developers*: No signals *Other signals*: Have a few partners interested in trying this out like Zoom and Facebook, as well as a couple of internal partners (altimin@ for perfetto dashboards, vickyzhu@ for gmail, etc.). WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? Goals for experimentation The goal for this experiment is to give partners the possibility to try the new value at scale and to discover potential deployment blockers that were not anticipated (e.g. external dependency, same-origin communications required, etc.) Debuggability COOP reporting will support restricted cross-origin properties reporting, similar to what exists for other COOP values. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?Yes COOP is parsed on all platforms, but the process model implied might vary. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?Yes under wpt/html/cross-origin-opener-policy /tentative/restrict-properties. Flag name --enable-features='CoopRestrictProperties' Requires code in //chrome?False Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1221127 Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1347385 Estimated milestones OriginTrial desktop last 119 OriginTrial desktop first 116 OriginTrial Android last 119 OriginTrial Android first 116 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5072630953017344 Links to previous Intent discussionsPrevious Intent to experiment, dropped because implementation was incomplete: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2UMOnEEY%2BG4bjE6kiPtw9insquxztWYDb%3DE9bnb-_dZow%40mail.gmail.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2UMOnEEY%2BG4bjE6kiPtw9insquxztWYDb%3DE9bnb-_dZow%40mail.gmail.com> Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uw-Oh0d7ktTPnV%3D8TTrr%2BNcTgfiLxzFd2P2QLD18qNsw%40mail.gmail.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uw-Oh0d7ktTPnV=8ttrr+nctgfilxzfd2p2qld18q...@mail.gmail.com> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2U6Roco9aJwOxCv9vFhXffbOyZDcxiEOKH3cEC6GJsp0w%40mail.gmail.com.
