-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The disown-opener
directive is not the right model
#194
Comments
Maybe the directive should be called something like |
Why is not named |
I would like to re-open this discussion around this perhaps we could reach a good solution that is good for Secure Contexts (w3c/webappsec-secure-contexts#42). It sounds to me that the What I'm not sure about is how important is the |
The change to connect-src didn't seem to actually do anyhing weirdly, leaving it as is disown-opener doesn't seem to be implemented yet (w3c/webappsec-csp#194)
Would it be better if this was a separate header from CSP? Because it seems to me that the restricted behavior of how the opener works may depend upon the domain that is linked to, which I think is beyond what CSP is for. However it is highly likely I do not fully understand what this directive is suppose to do. |
@AliceWonderMiscreations good question, it reminds me that the HTTP header equivalent to the HTML attribute |
Why so many new headers? Why not merge it in single header like does CSP and |
This is now COOP (see whatwg/html#3740). |
https://w3c.github.io/webappsec-csp/#directive-disown-opener
The current pressing need for
disown-opener
or something like it is to allow us to keep the at riskopener
aspects of the Secure Contexts algorithm (see w3c/webappsec-secure-contexts#42). Disowning the opener doesn't meet the needs of the Secure Contexts spec though, since the worry there is that the opener's connection to the openee (rather that visa versa) allows the opener topostMessage
to the openee to potentially gain access to secure context-only APIs it otherwise shouldn't have access to. So rather than breaking the connection from the openee to the opener as thedisown-opener
directive would do, what we really want is to break the connection from the opener to the openee, or at least to preventpostMessage
messages making it through to the openee.The text was updated successfully, but these errors were encountered: