233633 – Enforce COOP, even when COOP+sandbox leads to an error page.

NEW 233633

Enforce COOP, even when COOP+sandbox leads to an error page.

https://bugs.webkit.org/show_bug.cgi?id=233633

Summary Enforce COOP, even when COOP+sandbox leads to an error page.

ahemery

Reported 2021-11-30 05:23:47 PST

As discussed in https://github.com/whatwg/html/issues/7345, an opener that remains on a popup that error'd because of COOP+sandbox can lead to guessing URLs cross-origin using history length. Instead, the spec changes in https://github.com/whatwg/html/pull/7364 to enforce COOP, even when we'll fail afterwards, severing the opener.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2021-12-07 05:24:19 PST

<rdar://problem/86152095>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Safari 15

Hardware Unspecified

OS Unspecified

Product WebKit

Component Page Loading

Assignee

Nobody

Reported

2021-11-30 05:23 PST

Modified

2021-12-07 05:24 PST History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks