Fwd: [blink-dev] Intent to Experiment: COOP: restrict-properties
Jonathan Hao
From: Mike Taylor <Unknown>
Date: Thursday, June 1, 2023 at 8:17:45 PM UTC+1
Subject: Re: [blink-dev] Intent to Experiment: COOP: restrict-properties
To: ahe...@google.com <Unknown>, blink-dev <Unknown>
LGTM to experiment from M116 to M119 inclusive.
Contact emails ahe...@chromium.org
Explainer https://github.com/hemeryar/coi-with-popups
Specification https://github.com/whatwg/html/issues/6364
SummaryCross-Origin-Opener-Policy is used to sever the relationship between popup and openers, to increase security. "restrict-properties" is a proposed value that restricts the relationship instead of completely severing it. It would enable crossOriginIsolated when paired with COEP.
Blink component Blink>SecurityFeature>COOP
Search tags COOP, restrict-properties
Risks
Interoperability and CompatibilityIt could fail to become an interoperable part of the web platform if other browsers do not implement it. The OT is intended to gather user feedback to get support from Mozilla.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals: Have a few partners interested in trying this out like Zoom and Facebook, as well as a couple of internal partners (altimin@ for perfetto dashboards, vickyzhu@ for gmail, etc.).
WebView application risksDoes this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Goals for experimentationThe goal for this experiment is to give partners the possibility to try the new value at scale and to discover potential deployment blockers that were not anticipated (e.g. external dependency, same-origin communications required, etc.)
DebuggabilityCOOP reporting will support restricted cross-origin properties reporting, similar to what exists for other COOP values.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? YesCOOP is parsed on all platforms, but the process model implied might vary.
Is this feature fully tested by web-platform-tests? Yes under wpt/html/cross-origin-opener-policy/tentative/restrict-properties.
Flag name--enable-features='CoopRestrictProperties'
Requires code in //chrome? False
Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1221127
Launch bug https://bugs.chromium.org/p/chromium/issues/detail?id=1347385
Estimated milestones OriginTrial desktop last 119 OriginTrial desktop first 116 OriginTrial Android last 119 OriginTrial Android first 116
Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5072630953017344
Links to previous Intent discussions Previous Intent to experiment, dropped because implementation was incomplete: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2UMOnEEY%2BG4bjE6kiPtw9insquxztWYDb%3DE9bnb-_dZow%40mail.gmail.com
Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2Uw-Oh0d7ktTPnV%3D8TTrr%2BNcTgfiLxzFd2P2QLD18qNsw%40mail.gmail.com
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF07A2U6Roco9aJwOxCv9vFhXffbOyZDcxiEOKH3cEC6GJsp0w%40mail.gmail.com.
Jonathan Hao
Hi Jonathan,Thanks for the heads up. Per go/running-an-origin-trial you need to submit a request through go/new-origin-trial, which will get routed to us for handling.Thanks,Panos
You received this message because you are subscribed to the Google Groups "experimentation-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to experimentation...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/experimentation-dev/c8636a1e-a5cc-4f81-abe1-6f4d7f0916d9n%40chromium.org.
