COOP about:blank inheritance not clearly defined #5168
Comments
zcorpan
added
the
topic: cross-origin-opener-policy
|
Also, this would be yet another deviation from other existing examples of inheritance: For most other things about:blank inherits from its creator context, not the creator's top-level active document. |
|
What would you prefer @wanderview? |
|
Ideally I'd prefer it was inherited from its immediate parent like the about:blank iframe's origin. I don't know if that is reasonable for COOP, though. If the parent's COOP policy was inherited from its parent and so on, it would kind of devolve to inheriting from the top-level, but a frame in the middle could change the policy with a header? |
|
HTTP-delivered document A2 inheriting from parent A1 is also not quite like existing practice as we don't inherit policies for HTTP-delivered documents generally. Also, presumably we don't want to do that cross-origin so A1 embedding B embedding A2 would break. Now requiring COOP is an interesting idea, but that means that if A2 in the above scenario does not set COOP and A1 does (or they set a different COOP) and A2 creates a popup we'd have to "noopener" it. This would probably work, though it seems somewhat cumbersome that COOP is generally for top-level only unless you want to open a popup from a framed document in which case you also need to set it on the framed document. |
|
Another way to think about the model (and a potential way to rewrite it) is that we store COOP on the BCG and also retrieve it from there, and because of https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e#changes-to-choosing-a-browsing-context no inheritance would be needed, though it ends up meaning the exact same thing. This might be slightly better as it would not impact subframes which are not impacted by COOP to begin with (only COEP). (Yet another way to accomplish this would be to let "choosing a browsing context" pass a parameter down to initial about:blank creation of an auxiliary browsing context and settle it that way.) |
Fixes whatwg#3740. Closes whatwg#4580. Need to check again if it closes them: * whatwg#4921 * whatwg#5168 * whatwg#5172 * whatwg#5198 (probably not?) Co-authored-by: Anne van Kesteren <annevk@annevk.nl>
Fixes whatwg#3740. Closes whatwg#4580. Need to check again if it closes them: * whatwg#4921 * whatwg#5168 * whatwg#5172 * whatwg#5198 (probably not?) Co-authored-by: Anne van Kesteren <annevk@annevk.nl>
Fixes whatwg#3740. Closes whatwg#4580. Need to check again if it closes them: * whatwg#4921 * whatwg#5168 * whatwg#5172 * whatwg#5198 (probably not?) Co-authored-by: Anne van Kesteren <annevk@annevk.nl>
Fixes whatwg#3740. Closes whatwg#4580. Need to check again if it closes them: * whatwg#4921 * whatwg#5168 * whatwg#5172 * whatwg#5198 (probably not?) Co-authored-by: Anne van Kesteren <annevk@annevk.nl>
This doesn't seem to be spelled out as an explicit change to the appropriate algorithm.
The right algorithm would be https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object , correct?
cc @annevk
The text was updated successfully, but these errors were encountered: