Bug 275147 - Add a COOP value the prevent same-origin scripting by the opener document
Summary: Add a COOP value the prevent same-origin scripting by the opener document
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Enhancement
Assignee: Yoav Weiss
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2024-06-05 02:31 PDT by Yoav Weiss
Modified: 2024-10-08 19:07 PDT (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yoav Weiss 2024-06-05 02:31:48 PDT 
Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application.

HTML issue: https://github.com/whatwg/html/issues/10373#issue-2322953911
HTML PR: https://github.com/whatwg/html/pull/10394
Explainer: https://gist.github.com/yoavweiss/c7b61e97e6f8d207be619f87ab96ead5
Comment 1 Radar WebKit Bug Importer 2024-06-12 02:32:13 PDT 
<rdar://problem/129664445>
Comment 2 Yoav Weiss 2024-07-01 06:39:54 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/30344
Comment 3 EWS 2024-10-08 19:07:43 PDT 
Committed 284866@main (7688a5f9edc7): <https://commits.webkit.org/284866@main>

Reviewed commits have been landed. Closing PR #30344 and removing active labels.