[Webkit-unassigned] [Bug 200967] [GTK] Make PSON optional

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 1 05:04:42 PDT 2019


--- Comment #19 from Adrian Perez <aperez at igalia.com> ---
Comment on attachment 379885
  --> https://bugs.webkit.org/attachment.cgi?id=379885

View in context: https://bugs.webkit.org/attachment.cgi?id=379885&action=review

Patch r=me informally, with a small nit about documentation.

> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:457
> +     * Whether swap Web processes on cross-site navigations is enabled.

I think this deserves a short paragraph explaining intuitively what
the setting entails, and why it is a good thing. How about something
like this:

  When enabled, pages from each security origin will be handled by
  their own separate renderer processes, which are started (and
  terminated) on demand as the user navigates across different
  domains. This is an important security measure which helps prevent
  websites stealing data from other visited pages.

> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:468
> +            FALSE,

While it would be much better from a security POV to set this is to TRUE,
and let applications opt-out when needed, we'll have to live with PSON
disabled by default to please the Backwards Compatibility Demigods ¯\_(ツ)_/¯

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191001/76c98116/attachment.html>

More information about the webkit-unassigned mailing list