[Webkit-unassigned] [Bug 200967] [GTK] Make PSON optional
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 1 05:04:42 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=200967
--- Comment #19 from Adrian Perez <aperez at igalia.com> ---
Comment on attachment 379885
--> https://bugs.webkit.org/attachment.cgi?id=379885
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=379885&action=review
Patch r=me informally, with a small nit about documentation.
> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:457
> + * Whether swap Web processes on cross-site navigations is enabled.
I think this deserves a short paragraph explaining intuitively what
the setting entails, and why it is a good thing. How about something
like this:
When enabled, pages from each security origin will be handled by
their own separate renderer processes, which are started (and
terminated) on demand as the user navigates across different
domains. This is an important security measure which helps prevent
websites stealing data from other visited pages.
> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:468
> + FALSE,
While it would be much better from a security POV to set this is to TRUE,
and let applications opt-out when needed, we'll have to live with PSON
disabled by default to please the Backwards Compatibility Demigods ¯\_(ツ)_/¯
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191001/76c98116/attachment.html>
More information about the webkit-unassigned
mailing list