Intent to Experiment: COOP: restrict-properties
594 views
Skip to first unread message
Arthur Hemery
Jul 26, 2022, 10:59:54 AM7/26/22
to blink-dev
Contact emails
ahe...@chromium.orgExplainer
https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.mdSpecification
https://github.com/whatwg/html/issues/6364Summary
Cross-Origin-Opener-Policy is used to sever the relationship between popup and openers, to increase security. "restrict-properties" is a proposed value that restricts the relationship instead of completely severing it. It would enable crossOriginIsolated when paired with COEP.
Blink component
Blink>SecurityFeature>COOPSearch tags
COOP, restrict-propertiesRisks
Interoperability and Compatibility
It could fail to become an interoperable part of the web platform if other browsers do not implement it. The OT is intended to gather user feedback to get support from Mozilla.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals: Have a few partners interested in trying this out like Zoom and Facebook, as well as at least one internal partner (altimin@ for perfetto dashboards).
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Goals for experimentation
The goal for this experiment is to give partners the possibility to try the new value at scale and to discover potential deployment blockers that were not anticipated (e.g. external dependency, same-origin communications required, etc.)
Debuggability
COOP reporting will support restricted cross-origin properties reporting, similar to what exists for other COOP values.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
YesCOOP is parsed on all platforms, but the process model implied might vary.
Is this feature fully tested by web-platform-tests?
Yes under wpt/html/cross-origin-opener-policy/tentative/restrict-properties.Flag name
--enable-features='CoopRestrictProperties'
Requires code in //chrome?
FalseTracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1221127Launch bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1347385Estimated milestones
| OriginTrial desktop last | 110 |
| OriginTrial desktop first | 106 |
| OriginTrial Android last | 110 |
| OriginTrial Android first | 106 |
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5072630953017344Links to previous Intent discussions
Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uw-Oh0d7ktTPnV%3D8TTrr%2BNcTgfiLxzFd2P2QLD18qNsw%40mail.gmail.comArthur Hemery
Jul 27, 2022, 12:00:52 PM7/27/22
to blink-dev
Mike Taylor
Jul 27, 2022, 12:20:28 PM7/27/22
to Arthur Hemery, blink-dev
LGTM to experiment from M106 to M110.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uj8%3DeUzcs8-o4RxAJnJN8%2BGCpPZNY3ky5Y88-UvhFtiA%40mail.gmail.com.
Arthur Hemery
Aug 9, 2022, 8:12:20 AM8/9/22
to blink-dev
Implementation work was delayed, we're now targeting 107-111.
On Wed, Jul 27, 2022 at 11:45 PM Lia Martinez <liamart...@gmail.com> wrote:
Mira tú Arturo como te llames pendejo de mierda deja de estar mandado mensajes a este número ya le pegue su putisa a esta pura por inrespetosa todos usted que pantera que verga vallan a chingar así pura madre pedaso de mierda enfermos sexuales
You received this message because you are subscribed to a topic in the Google Groups "blink-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/blink-dev/JrMX5H2PX_o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bc9e72bf-fc63-f842-d132-0eb84b76d2b3%40chromium.org.
Arthur Hemery
Sep 15, 2022, 3:00:00 AM9/15/22
to blink-dev
Couldn't fit in everything we wanted in 107 so moving again to 108-112
Mike Taylor
Sep 15, 2022, 12:06:45 PM9/15/22
to Arthur Hemery, blink-dev
(Still) LGTM for 108-112.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2US-hQOAE%3D0B7Y6tzngviNSqKsVeZu%2BJUEuomceZ1wy6Q%40mail.gmail.com.
Arthur Hemery
Oct 12, 2022, 7:16:40 AM10/12/22
to blink-dev, Charlie Reis, Camille Lamy, Nasko Oskov
Hi API owners!
I've discussed this with the Chrome Security Architecture team and since there are still things to iterate on design wise, we're putting this on hold for now.
I'll come back to this thread once we have an experiment ready to ship, instead of continuously announcing milestones and pushing them back.
Thanks,
Arthur
I've discussed this with the Chrome Security Architecture team and since there are still things to iterate on design wise, we're putting this on hold for now.
I'll come back to this thread once we have an experiment ready to ship, instead of continuously announcing milestones and pushing them back.
Thanks,
Arthur
Mike Taylor
Oct 12, 2022, 9:52:00 AM10/12/22
to Arthur Hemery, blink-dev, Charlie Reis, Camille Lamy, Nasko Oskov
Sounds good, thanks Arthur.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2XuYi7Qg53LBxbEre8eUv%3DfTyrSLGv72iPTDvXbA_17%3DQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages