275147 – Add a COOP value the prevent same-origin scripting by the opener document

RESOLVED FIXED 275147

Add a COOP value the prevent same-origin scripting by the opener document

https://bugs.webkit.org/show_bug.cgi?id=275147

Summary Add a COOP value the prevent same-origin scripting by the opener document

Yoav Weiss

Reported 2024-06-05 02:31:48 PDT

Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application. HTML issue: https://github.com/whatwg/html/issues/10373#issue-2322953911 HTML PR: https://github.com/whatwg/html/pull/10394 Explainer: https://gist.github.com/yoavweiss/c7b61e97e6f8d207be619f87ab96ead5

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2024-06-12 02:32:13 PDT

Yoav Weiss

Comment 2 2024-07-01 06:39:54 PDT

EWS

Comment 3 2024-10-08 19:07:43 PDT

Committed 284866@main (7688a5f9edc7): <https://commits.webkit.org/284866@main> Reviewed commits have been landed. Closing PR #30344 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Enhancement

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Yoav Weiss

Reported

2024-06-05 02:31 PDT

Modified

2024-10-08 19:07 PDT History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks