Intent to Ship: Cross-origin opener policy reporting API


Camille Lamy

Dec 2, 2020, 8:13:09 AM
to blink-dev

Contact emails

cl...@chromium.org

Explainer


https://github.com/camillelamy/explainers/blob/master/coop_reporting.md

Specification

https://html.spec.whatwg.org/multipage/origin.html#reporting

Design docs


https://github.com/camillelamy/explainers/blob/master/coop_reporting.md

Summary

Adds a reporting API to help developers deploy cross-origin opener policy.



Blink component

Blink>SecurityFeature

Search tags

COOP, COOP reporting

TAG review

https://github.com/w3ctag/design-reviews/issues/527

TAG review status

Issues addressed

Risks



Interoperability and Compatibility

This is a new feature.



Gecko: Positive (https://github.com/whatwg/html/pull/5518) annevk on the spec pull request: "I think I said before that Firefox is supportive of reporting for COOP and COEP, though it's not a priority for us."

WebKit: No signal

Web developers: Positive. Facebook has been successfully using the reporting API in Origin Trial to deploy COOP on their properties.

Ergonomics

This feature will be used with cross-origin opener policy, and often with cross-origin embedder policy (in particular, its reporting API).



Activation

The feature requires developers to properly set up a reporting endpoint. However, it helps adoption of COOP by providing a report-only mode that developers can use to check that their websites will not break when enabling COOP.



Security

The reporting API exposes that other pages tried to access cross-origin properties of the page.



Debuggability

This should help with COOP debuggability as DevTools will be able to hook in the same places as we send reports and use this to surface useful information to developers trying to enable COOP.



Is this feature fully tested by web-platform-tests?

Yes

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1059303

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5755687994916864

Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/h5s3SMpF8QI/m/TkukMVyTAgAJ


This intent message was generated by Chrome Platform Status.
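A worked illustration of the report-only rollout described under Activation, added here as an example and not part of the intent, the explainer or Chrome's code: the response headers a site would send to collect reports without enforcing COOP, and a small receiver that summarizes a constructed Reporting API delivery so the operator can see which navigations and cross-window accesses enforcement would cut off. The endpoint URL, the sample reports and the report field names (taken from the explainer and spec as understood here) are assumptions.

```python
import json
from collections import Counter

# Constructed sample of one Reporting API delivery (application/reports+json) as a
# browser would POST it; COOP body field names follow the explainer/spec (assumption).
SAMPLE_DELIVERY = json.dumps([
    {"age": 120, "type": "coop", "url": "https://example.test/app",
     "user_agent": "Mozilla/5.0", "body": {
         "disposition": "reporting", "effectivePolicy": "same-origin",
         "type": "navigation-to-response",
         "previousResponseURL": "https://partner.test/login",
         "referrer": "https://partner.test/"}},
    {"age": 30, "type": "coop", "url": "https://example.test/app",
     "user_agent": "Mozilla/5.0", "body": {
         "disposition": "reporting", "effectivePolicy": "same-origin",
         "type": "access-from-coop-page-to-openee", "property": "postMessage",
         "openeeURL": "https://partner.test/popup",
         "sourceFile": "https://example.test/app.js", "lineNumber": 42,
         "columnNumber": 7}},
    {"age": 5, "type": "csp-violation", "url": "https://example.test/app",
     "user_agent": "Mozilla/5.0", "body": {"blocked-uri": "inline"}},
])


def report_only_headers(group: str, endpoint_url: str) -> dict:
    """Response headers for a report-only rollout: COOP is not enforced, but the
    browser sends COOP reports to the named Reporting API group (endpoint assumed)."""
    return {
        "Report-To": json.dumps({"group": group, "max_age": 86400,
                                 "endpoints": [{"url": endpoint_url}]}),
        "Cross-Origin-Opener-Policy-Report-Only": f'same-origin; report-to="{group}"',
    }


def summarize_coop_reports(delivery: str) -> dict:
    """Count COOP reports by kind and list what enforcement would affect: the other
    document for navigation reports, the property and call site for access reports."""
    kinds, affected, skipped = Counter(), [], 0
    for report in json.loads(delivery):
        if report.get("type") != "coop":   # other report types share the endpoint
            skipped += 1
            continue
        body = report["body"]
        kinds[body["type"]] += 1
        if body["type"].startswith("navigation-"):
            affected.append(body.get("previousResponseURL") or body.get("nextResponseURL"))
        else:
            affected.append(f'{body["property"]} at {body["sourceFile"]}:{body["lineNumber"]}')
    return {"kinds": dict(kinds), "affected": affected, "skipped": skipped}
```

Once the summary shows no unexpected entries in "affected", the site can switch the header to Cross-Origin-Opener-Policy with the same report-to group and keep collecting enforce-disposition reports.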

Domenic Denicola

Dec 2, 2020, 12:19:43 PM
to Camille Lamy, blink-dev
I want to chime in to say that the specification work on this feature has been exemplary. Camille's explainer and specification go into great detail on the very complicated spec "code paths" involved in intercepting the points where COOP can kick in. The spec then threads the appropriate reporting infrastructure through multiple layers of complex window-creation and access operations in the HTML Standard, terminating each one in a concrete report, with all the appropriate data included and appropriately security-sanitized.

As the HTML Standard editor who did the relevant reviews, I'm very happy with the quality of the result, and am confident that the result provides something which can be interoperably implemented. From what I understand, the web platform tests coverage is also quite high.

Jochen Eisinger

Dec 2, 2020, 2:57:20 PM
to Domenic Denicola, Camille Lamy, blink-dev
lgtm1


Chris Harrelson

Dec 3, 2020, 3:28:51 PM
to Camille Lamy, blink-dev
On Wed, Dec 2, 2020 at 5:13 AM Camille Lamy <cl...@chromium.org> wrote:

Gecko: Positive (https://github.com/whatwg/html/pull/5518) annevk on the spec pull request: "I think I said before that Firefox is supportive of reporting for COOP and COEP, though it's not a priority for us."

This does not count as a signal. Please only use the process at bit.ly/blink-signals
 


Alex Russell

Dec 3, 2020, 3:30:24 PM
to blink-dev, Chris Harrelson, blink-dev, Camille Lamy
LGTM2, pending filing a request for signals through the usual process.

Yoav Weiss

Dec 4, 2020, 6:07:36 AM
to Alex Russell, blink-dev, Chris Harrelson, Camille Lamy
LGTM3 with the same caveat

Camille Lamy

Dec 4, 2020, 8:36:12 AM
to Yoav Weiss, Alex Russell, blink-dev, Chris Harrelson
I have filed a request against Mozilla.

Bartosz Niemczura

Dec 4, 2020, 12:04:12 PM
to blink-dev, sligh...@chromium.org, Chris Harrelson, blink-dev, cl...@chromium.org

On behalf of the Facebook Security team, I'd also like to say that I'm looking forward to moving cross-origin opener policy out of origin trial. We've been experimenting with this feature already on facebook.com and instagram.com, and the reporting is an incredibly useful feature for us as it allows us to reliably roll out COOP at scale. Since other browsers haven't offered similar functionality yet, it's essentially the only way we can test the impact of COOP enforcement without breaking our sites.
