[Webkit-unassigned] [Bug 233633] New: Enforce COOP, even when COOP+sandbox leads to an error page.

Tue Nov 30 05:23:47 PST 2021

https://bugs.webkit.org/show_bug.cgi?id=233633

            Bug ID: 233633
           Summary: Enforce COOP, even when COOP+sandbox leads to an error
                    page.
           Product: WebKit
           Version: Safari 15
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ahemery at google.com

As discussed in https://github.com/whatwg/html/issues/7345, an opener that remains on a popup that error'd because of COOP+sandbox can lead to guessing URLs cross-origin using history length.

Instead, the spec changes in https://github.com/whatwg/html/pull/7364 to enforce COOP, even when we'll fail afterwards, severing the opener.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211130/8c62ead6/attachment.htm>