Consider adding a [CrossOriginIsolated] extended attribute.
#875
Comments
|
Is whatwg/html#5435 still something that is being pursued by Google? (It would be doable in Firefox, but I'm not sure we want to lead with shipping that as well.) Note that if you have |
I think so? Either @arturjanc or @ulan pinged me about it earlier this week, and it seems like a reasonable thing to do that this would layer on top of.
If we keep (As part of Securer Contexts, I'd secretly like to deprecate |
|
Make sure to include the
|
|
My hope is that we'd mostly be putting the attribute on interfaces rather than literally every attribute or method. I filed #876, which is probably a better place for that conversation. :) |
WebIDL currently defines a `[SecureContext]` extended attribute that governs whether or not a given construct is exposed within a given context. This patch defines a similar `[CrossOriginIsolated]` attribute to govern exposure based on cross-origin isolation. This supports the broader Securer Contexts proposal (https://github.com/mikewest/securer-contexts), which aims to guide spec authors to combat threats we've started paying more attention to over the last few years. Closes whatwg#875.
WebIDL currently defines a `[SecureContext]` extended attribute that governs whether or not a given construct is exposed within a given context. This patch defines a similar `[CrossOriginIsolated]` attribute to govern exposure based on cross-origin isolation. This supports the broader Securer Contexts proposal (https://github.com/mikewest/securer-contexts), which aims to guide spec authors to combat threats we've started paying more attention to over the last few years. Closes whatwg#875.
Web IDL currently defines a [SecureContext] extended attribute that governs whether or not a given construct is exposed within a given context. This patch defines a similar [CrossOriginIsolated] attribute to govern exposure based on cross-origin isolation. This supports the broader Securer Contexts proposal (https://github.com/mikewest/securer-contexts), which aims to guide spec authors to combat threats we've started paying more attention to over the last few years. Closes #875. Co-authored-by: Domenic Denicola <d@domenic.me>
We have a
[SecureContext]extended attribute that governs whether or not a given construct is exposed within a given context. I'd suggest that something similar would be helpful as we begin restricting access to APIs based on whether or not a given context is cross-origin isolated.The Securer Contexts proposal talks about this attribute in terms of
[SecureContext=Isolated], but I now think it's probably a better idea to create a new attribute ([CrossOriginIsolated]) for this purpose, as it would give us the opportunity to reformulate[SecureContext]in the future to something more specifically related to the aspect of security it actually governs.That is, for upcoming APIs like
performance.measureMemory(), I'd like them to be able to define the API as limited to isolated and secure contexts in a standardized way. Perhaps along the lines of:That would have the effect of exposing the method only when the context is cross-origin isolated via COOP and COEP (as defined in whatwg/html#4732 (comment)).
WDYT?
@annevk @camillelamy @domenic
The text was updated successfully, but these errors were encountered: