Summary: Origin-keyed Agent Clusters allows developers to opt in to a stricter cross-origin separation by placing same-site cross-origin pages in different agent clusters. The observable effect of this is that setting document.domain becomes a no-op and that it becomes impossible to send WebAssembly.Module objects to cross-origin documents. It also opens up several avenues for more efficient resource allocation, e.g. performing process isolation based on origin-keyed agent clusters instead of site-keyed agent clusters and separate arena allocators. This is achieved by the site developer by sending the HTTP header Origin-Agent-Cluster, where a true value indicates that the site wishes to opt in to using origin-keyed agent clusters. This header also makes it easy to deprecate document.domain in the future by making the default be true for Origin-Agent-Cluster, while allowing sites to opt out by sending Origin-Agent-Cluster with a false value.
Bug: Bug 1665474 - Implement the Origin-Agent-Cluster header
Specification: Origin-keyed agent clusters
Platform coverage: All platforms
Preference: We'll use browser.tabs.remote.originAgentClusters, with the possible values:
0) Turned off
This feature can be implemented incrementally, and until everything is in place we'll have the feature turned off.
1) Turned on. Default value for origin-keyed is false
This is the value we'll use for shipping this feature.
2) Turned on. Default value for origin-keyed is true
This is the value we'll use to deprecate document.domain in Bug 1817844 - Deprecate document.domain. This will be addressed in a future intent to prototype.
DevTools bug: None needed until we start considering deprecating document.domain.
Link to standards-positions discussion: mozilla/standards-positions
Other browsers: Blink: shipped since version 88
WebKit: considering ([webkit-dev] Request for position on the Origin-Isolation header).
web-platform-tests: html/browsers/origin/origin-keyed-agent-clusters
How stable is the spec: Stable. Merged in whatwg/html/pull/5545 and renamed in whatwg/html/pull/6214, Aug 21, 2020 and Dec 11, 2020 respectively.
Web developer use-cases: Initially this will be a way for developers to opt in to helping the browser use resources more efficiently. In the case of deprecating document.domain it becomes a way for developers to opt out of this feature and regain the use of document.domain.
Example: To use this feature, configure the web server to send:
Origin-Agent-Cluster: ?1
Here the ?1 is the structured header syntax for the boolean true value.
When this feature is turned on, the Window interface will expose window.originAgentCluster, which returns true if this Window belongs to an origin-keyed agent cluster. This is useful because of how mismatched values for the header are handled. An agent cluster can never transition to or from being origin-keyed, so if a Window wants to join an agent cluster and is served with the Origin-Agent-Cluster header with a true value, but the agent cluster is already site-keyed, then it stays site-keyed. The same is true if the agent cluster starts out as origin-keyed.
--
farre
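
The header parsing, the three preference values and the mismatch handling described in the message above, as an added example that is not part of the original message and is not Gecko code. The names KeyingHistory, load and the PREF_* constants are hypothetical, the example.com origin is constructed, and tracking the first decision per origin is an assumption of this simplified model.

```javascript
// Added example: a simplified model of the keying decision, not browser code.
// PREF_* mirror the three values of browser.tabs.remote.originAgentClusters.
const PREF_OFF = 0, PREF_DEFAULT_FALSE = 1, PREF_DEFAULT_TRUE = 2;

// Parse the header as a structured-field boolean: only "?1" / "?0" are valid.
// Returns true, false, or null when the header is absent or malformed.
// Simplification: structured-field parameters (";a=b") are not handled.
function parseOriginAgentCluster(value) {
  if (typeof value !== "string") return null;
  const v = value.trim();
  if (v === "?1") return true;
  if (v === "?0") return false;
  return null; // e.g. "true" or "1" is not a structured boolean
}

// One instance per group of windows that can reach each other. It remembers
// the first keying decision for each origin (assumption of this model),
// because an agent cluster never transitions to or from being origin-keyed.
class KeyingHistory {
  constructor(pref) {
    this.pref = pref;
    this.decided = new Map(); // origin -> boolean (origin-keyed?)
  }

  // Returns whether the new Window ends up origin-keyed, i.e. the value
  // window.originAgentCluster reports when the feature is turned on.
  load(origin, headerValue) {
    if (this.pref === PREF_OFF) return false; // feature off: header ignored
    if (this.decided.has(origin)) return this.decided.get(origin);
    const requested = parseOriginAgentCluster(headerValue);
    const fallback = this.pref === PREF_DEFAULT_TRUE;
    const originKeyed = requested === null ? fallback : requested;
    this.decided.set(origin, originKeyed);
    return originKeyed;
  }
}

// Constructed scenario: the first response for the origin lacks the header,
// so a later response carrying "?1" cannot make the origin origin-keyed.
function mismatchDemo() {
  const group = new KeyingHistory(PREF_DEFAULT_FALSE);
  const first = group.load("https://app.example.com", undefined);
  const second = group.load("https://app.example.com", "?1");
  return { first, second };
}
```

A deployment check that follows from this: every response for an origin has to carry the same header value, and pages can confirm the outcome by reading window.originAgentCluster.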