[webkit-changes] [WebKit/WebKit] 7688a5: COOP noopener-allow-popups

Yoav Weiss noreply at github.com
Tue Oct 8 19:08:01 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 7688a5f9edc739472701f5f0d3f6ad1450104094
      https://github.com/WebKit/WebKit/commit/7688a5f9edc739472701f5f0d3f6ad1450104094
  Author: Yoav Weiss <yoav at yoav.ws>
  Date:   2024-10-08 (Tue, 08 Oct 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js
    A LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https.html
    A LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/resources/noopener-helper.js
    A LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https.html
    M Source/WebCore/loader/CrossOriginOpenerPolicy.cpp
    M Source/WebCore/loader/CrossOriginOpenerPolicy.h
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

  Log Message:
  -----------
  COOP noopener-allow-popups

https://bugs.webkit.org/show_bug.cgi?id=275147

Reviewed by Alex Christensen.

The `noopener-allow-popups` COOP value would enable a document to ensure it can't be scripted by other same-origin documents that have opened it.

Some origins can contain different applications with different levels of security requirements.
In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application.

The noopener-allow-popups Cross-Origin-Opener-Policy value severs the opener relationship between the document loaded with this policy and its opener.
At the same time, this document can open further documents (as the "allow-popups" in the name suggests) and maintain its opener relationship with them, assuming that their COOP policy allows it.

This implements https://github.com/whatwg/html/pull/10394

* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/resources/reporting-common.js:
(const.coopHeaders): A helper to create headers in a more succinct way.
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/tentative/access-to-noopener-page-from-no-coop-ro.https.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/resources/noopener-helper.js: Added.
(getExecutorPath):
(const.test_noopener_opening_popup): The logic for the noopener tests.
(async const):
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/tentative/noopener/coop-noopener-allow-popups.https.html: Added.
* Source/WebCore/loader/CrossOriginOpenerPolicy.cpp:
(WebCore::crossOriginOpenerPolicyToString): Add the "noopener-allow-popups" string.
(WebCore::crossOriginOpenerPolicyValueToEffectivePolicyString): Add the "noopener-allow-popups" string.
(WebCore::matchingCOOP): Implement the related HTML algorithm.
(WebCore::coopValuesRequireBrowsingContextGroupSwitch): Implement the switching logic related to noopener-allow-popups.
(WebCore::obtainCrossOriginOpenerPolicy): Parse the "noopener-allow-popups" value.
* Source/WebCore/loader/CrossOriginOpenerPolicy.h: Add the noopener-allow-popups enum value.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Add the noopener-allow-popups enum value.

Canonical link: https://commits.webkit.org/284866@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list