Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7688a5f9edc739472701f5f0d3f6ad1450104094
https://github.com/WebKit/WebKit/commit/7688a5f9edc739472701f5f0d3f6ad1450104094
Author: Yoav Weiss <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js
A
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https.html
A
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/resources/noopener-helper.js
A
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https.html
M Source/WebCore/loader/CrossOriginOpenerPolicy.cpp
M Source/WebCore/loader/CrossOriginOpenerPolicy.h
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
Log Message:
-----------
COOP noopener-allow-popups
https://bugs.webkit.org/show_bug.cgi?id=275147
Reviewed by Alex Christensen.
The `noopener-allow-popups` COOP value would enable a document to ensure it
can't be scripted by other same-origin documents that have opened it.
Some origins can contain different applications with different levels of
security requirements.
In those cases, it can be beneficial to prevent scripts running in one
application from being able to open and script pages of another same-origin
application.
The noopener-allow-popups Cross-Origin-Opener-Policy value severs the opener
relationship between the document loaded with this policy and its opener.
At the same time, this document can open further documents (as the
"allow-popups" in the name suggests) and maintain its opener relationship with
them, assuming that their COOP policy allows it.
This implements https://github.com/whatwg/html/pull/10394
*
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js:
(const.coopHeaders): A helper to create headers in a more succinct way.
*
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https.html:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/resources/noopener-helper.js:
Added.
(getExecutorPath):
(const.test_noopener_opening_popup): The logic for the noopener tests.
(async const):
*
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https.html:
Added.
* Source/WebCore/loader/CrossOriginOpenerPolicy.cpp:
(WebCore::crossOriginOpenerPolicyToString): Add the "noopener-allow-popups"
string.
(WebCore::crossOriginOpenerPolicyValueToEffectivePolicyString): Add the
"noopener-allow-popups" string.
(WebCore::matchingCOOP): Implement the related HTML algorithm.
(WebCore::coopValuesRequireBrowsingContextGroupSwitch): Implement the switching
logic related to noopener-allow-popups.
(WebCore::obtainCrossOriginOpenerPolicy): Parse the "noopener-allow-popups"
value.
* Source/WebCore/loader/CrossOriginOpenerPolicy.h: Add the
noopener-allow-popups enum value.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Add the
noopener-allow-popups enum value.
Canonical link: https://commits.webkit.org/284866@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
