Bug 233633

Summary: Enforce COOP, even when COOP+sandbox leads to an error page.
Product: WebKit Reporter: ahemery
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: achristensen, beidson, cdumez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 15   
Hardware: Unspecified   
OS: Unspecified   

Description ahemery 2021-11-30 05:23:47 PST 
As discussed in https://github.com/whatwg/html/issues/7345, an opener that remains on a popup that error'd because of COOP+sandbox can lead to guessing URLs cross-origin using history length.

Instead, the spec changes in https://github.com/whatwg/html/pull/7364 to enforce COOP, even when we'll fail afterwards, severing the opener.
Comment 1 Radar WebKit Bug Importer 2021-12-07 05:24:19 PST 
<rdar://problem/86152095>