(This is related, but different from origin isolation.) 1. Use origin instead of site as agent cluster key for cross-origin isolated agent clusters. document.domain mutation is no-op for agents in cross-origin isolated agent clusters. 2. Introduce cross-origin isolated permission (https://w3c.github.io/webappsec-feature-policy/). 3. Introduce self.crossOriginIsolated returning whether the surrounding agent cluster is cross-origin isolated and the environment has the cross-origin isolated permission. 1. allows origin isolation (instead of site isolation) for cross-origin isolated agent clusters. This is an incremental step of a long-term security improvement (see https://docs.google.com/document/d/1dnUjxfGWnvhQEIyCZb0F2LmCZ9gio6ogu2rhMGqi6gY/edit#heading=h.thm6zozaav55). 2. allows web developers to control whether child frames can use powerful APIs such as SharedArrayBuffer and the memory measurement API. 3. allows web developers to see if they can use the powerful APIs.
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABihn6HOKGZmtPvtEMTHtQtjPFDEzcXrzETqywi3abbyA0uPBw%40mail.gmail.com.
Originally I thought Yoav was talking about disabling SAB on non-cross-origin isolated agent clusters. This intent doesn't include that.After reading Anne's comment it seems I misunderstood Yoav's comment.
On Mon, Jun 15, 2020 at 7:58 PM Anne van Kesteren <ann...@annevk.nl> wrote:On Mon, Jun 15, 2020 at 12:35 PM Yutaka Hirano <yhi...@chromium.org> wrote:
> That will be a separate intent.
But presumably this will impact who a SharedArrayBuffer can be shared
with, right? In particular, they can no longer go
cross-origin-same-site within a cross-origin isolated environment.This is true. cross-origin-same-site agents will belong to different agent clusters when cross-origin isolated, and sharing SAB between the agents will no longer be possible.This change is included in this intent.