Bug 275147

Summary: Add a COOP value the prevent same-origin scripting by the opener document
Product: WebKit Reporter: Yoav Weiss <yoav>
Component: WebCore Misc.Assignee: Yoav Weiss <yoav>
Status: RESOLVED FIXED    
Severity: Enhancement CC: annevk, bfulgham, cdumez, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Yoav Weiss
Reported 2024-06-05 02:31:48 PDT
Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application. HTML issue: https://github.com/whatwg/html/issues/10373#issue-2322953911 HTML PR: https://github.com/whatwg/html/pull/10394 Explainer: https://gist.github.com/yoavweiss/c7b61e97e6f8d207be619f87ab96ead5
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2024-06-12 02:32:13 PDT
<rdar://problem/129664445>
Yoav Weiss
Comment 2 2024-07-01 06:39:54 PDT
Pull request: https://github.com/WebKit/WebKit/pull/30344
EWS
Comment 3 2024-10-08 19:07:43 PDT
Committed 284866@main (7688a5f9edc7): <https://commits.webkit.org/284866@main> Reviewed commits have been landed. Closing PR #30344 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.