Intent to Experiment: Cross-origin opener policy reporting API

78 views
Skip to first unread message

Camille Lamy

unread,
Aug 12, 2020, 10:18:48 AM8/12/20
to blink-dev

Contact emails

cl...@chromium.org

Explainer

https://github.com/camillelamy/explainers/blob/master/coop_reporting.md

Specification

https://github.com/whatwg/html/pull/5518

Design docs

https://docs.google.com/document/d/1H8Be0w27fKPXKqyuJj9oEqIJEjB9Rw5AP3x-w-Fx2Zg/edit#heading=h.6a92f2gfl9le


TAG review

https://github.com/w3ctag/design-reviews/issues/527

Summary

Adds a reporting API to help developers deploy cross-origin opener policy.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/g/blink-dev/c/h5s3SMpF8QI/m/TkukMVyTAgAJ

Risks



Interoperability and Compatibility

This is a new feature.

Gecko: No signal

WebKit: No signal

Web developers: No signals

Ergonomics

This feature will be used with cross-origin opener policy, and often with cross-origin embedder policy (in particular, its reporting API).

Activation

The feature requires developers to properly set up a reporting endpoint. However it helps adoption of COOP by providing a report-only mode that developers can use to check that their websites will not break when enabling COOP.

Security

The reporting API exposes that other pages tried to access cross-origin properties of the page.


Goals for experimentation

We want to gather feedback on whether the proposed data in the reports is helpful to developers to debug bugs with COOP.

Experimental timeline

M86

Reason this experiment is being extended



Ongoing technical constraints

None.

Debuggability

This should help with COOP debuggability as DevTools will be able to hook in the same places as we send reports and use this to surface useful information to developers trying to enable COOP.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No All platforms will be supported except Android WebView. The underlying COOP feature requires multiple renderer processes which Android WebView cannot provide.

Is this feature fully tested by web-platform-tests?

No We plan on fully testing this feature using WebPlatform tests. Our tests are part of the cross-origin opener policy suite (tests marked as reporting), and we are currently expending them. https://wpt.fyi/results/html/cross-origin-opener-policy?label=experimental&label=master&aligned

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5755687994916864

Yoav Weiss

unread,
Aug 13, 2020, 5:46:37 AM8/13/20
to Camille Lamy, Eiji Kitamura, blink-dev
LGTM to experiment.
Reporting seems essential to convince web properties that they can actually deploy COOP without breaking the site for their users.

I was going to ask about the choice of using a separate header, but luckily, the TAG already did and the answer there makes sense.
 


Summary

Adds a reporting API to help developers deploy cross-origin opener policy.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/g/blink-dev/c/h5s3SMpF8QI/m/TkukMVyTAgAJ

Risks



Interoperability and Compatibility

This is a new feature.

Gecko: No signal

WebKit: No signal

Now seems like a good time to be asking for signals
 

Web developers: No signals

While gathering web developer signals can be harder, might be good to try.
For example, +Eiji Kitamura may have heard things as a response to https://web.dev/coop-coep/. (or may have other ideas)


Ergonomics

This feature will be used with cross-origin opener policy, and often with cross-origin embedder policy (in particular, its reporting API).

Activation

The feature requires developers to properly set up a reporting endpoint. However it helps adoption of COOP by providing a report-only mode that developers can use to check that their websites will not break when enabling COOP.

Security

The reporting API exposes that other pages tried to access cross-origin properties of the page.


Goals for experimentation

We want to gather feedback on whether the proposed data in the reports is helpful to developers to debug bugs with COOP.

Experimental timeline

M86

Reason this experiment is being extended



Ongoing technical constraints

None.

Debuggability

This should help with COOP debuggability as DevTools will be able to hook in the same places as we send reports and use this to surface useful information to developers trying to enable COOP.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No All platforms will be supported except Android WebView. The underlying COOP feature requires multiple renderer processes which Android WebView cannot provide.

Is this feature fully tested by web-platform-tests?

No We plan on fully testing this feature using WebPlatform tests. Our tests are part of the cross-origin opener policy suite (tests marked as reporting), and we are currently expending them. https://wpt.fyi/results/html/cross-origin-opener-policy?label=experimental&label=master&aligned

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5755687994916864

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvoM60biLy8O7GXoi8uJukK4GumJzCFFxOcYL0JkAnVmCw%40mail.gmail.com.

Artur Janc

unread,
Aug 13, 2020, 9:33:47 AM8/13/20
to blink-dev, yo...@yoav.ws, blink-dev, cl...@chromium.org, Eiji Kitamura
I'm certainly biased since I've been helping shape this API somewhat, but I can provide signal on behalf of the Google security team that we're definitely interested in, and blocked on, COOP reporting being available (see e.g. https://twitter.com/we1x/status/1293861189068390401). We've heard similar rumblings from security engineers at Facebook where AFAIK they're enforcing COOP for internal users, but are waiting on reporting data to do it in production. My guess is that other application owners who care about XS-Leaks are in a similar boat.

Cheers,
-Artur
Reply all
Reply to author
Forward
0 new messages