Chiming in with my web-developer hat on: This is something that I'd really like to see for the ui.perfetto.dev. The requirements we have there are:
a) we rely on cross-origin postMessage for opening traces from multiple dashboards (ui.perfetto.dev is responsible for displaying arbitrary Perfetto traces while the dashboards are responsible for fetching the specific trace from the storage. Then the dashboard window.open's ui.perfetto.dev and uses postMessage to inject the trace contents. Using POST data is not an option for us there as we want to ensure that the trace itself isn't sent to ui.perfetto.dev). b) we want high-resolution timers for the ui.perfetto.dev (to be able to measure and profile performance issues). COOP: same-origin breaks the requirement a), however, COOP: restrict-properties should solve the problems, so I'm very excited about this coming. On Tue, 12 Jul 2022 at 15:01, 'Arthur Hemery' via blink-dev < [email protected]> wrote: > Contact [email protected] > > Explainer > https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md > > Specificationhttps://github.com/whatwg/html/issues/6364 > > Summary > > Cross-Origin-Opener-Policy is used to sever the relationship between popup > and openers, to increase security. "restrict-properties" is a proposed > value that restricts the relationship instead of completely severing it. It > would enable crossOriginIsolated when paired with COEP. > > Blink componentBlink>SecurityFeature>COOP > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECOOP> > > Motivation > > Developers that want their website to be crossOriginIsolated currently > need to give up all relationships with popups. This makes it impossible for > websites that use SSO, payments or other APIs that function via popups to > be crossOriginIsolated. For these websites, we propose a new COOP value, > "restrict-properties" that allows communication via postMessage and closed, > while enabling crossOriginIsolated. > > > Initial public proposalhttps://github.com/whatwg/html/issues/6364 > > TAG review > TAG review statusPending > > Risks > > Interoperability and Compatibility*Gecko*: Firefox would like to see more > developer feedback to ensure this solution suits their needs. > > *WebKit*: No signal > > *Web developers*: No signal > > *Other signals*: Positive feedback on the explainer from Zoom and Meta. > > WebView application risks > > None. > > > > Debuggability > > The new value will be plugged into COOP reporting to help developers > understand the impact on their site. > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ?Yes under html/cross-origin-opener-policy/tentative/restrict-properties > > Requires code in //chrome?False > > Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1221127 > > Estimated milestones > > 106 for OT. > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5072630953017344 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uw-Oh0d7ktTPnV%3D8TTrr%2BNcTgfiLxzFd2P2QLD18qNsw%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uw-Oh0d7ktTPnV%3D8TTrr%2BNcTgfiLxzFd2P2QLD18qNsw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALHg4nnzxvQc8GSN_%2Bad2cr1Kt2zJUEVT9dMbmso6n9%3D6H1fAg%40mail.gmail.com.
