Have DedicatedWorker use COEP in response headers #13
Conversation
Stop inheriting owner's policy, and use response's policy instead. Also add a check to keep the invariance that when owner's COEP is "require-corp" then the dedicated worker's COEP must also be "require-corp". Fixes whatwg/html#4924.
@yutakahirano - can you join the WICG to appease the IPR bots? |
Thanks, I've just requested. |
Adding tests as https://chromium-review.googlesource.com/c/chromium/src/+/2121936. |
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
Hi! I'll try to make time to look at this today, but I suspect I'm going to need until tomorrow to give you actionable feedback. Sorry! |
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2126652 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#755782}
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2126652 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#755782}
[1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2126652 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#755782}
… COEP when its parent has COEP, a=testonly Automatic update from web-platform-tests DedicatedWorker should reject script w/o COEP when its parent has COEP [1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2126652 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#755782} -- wpt-commits: 9446a9251cd68c7abdee377fe5a9ad8f40db5c44 wpt-pr: 22526
… COEP when its parent has COEP, a=testonly Automatic update from web-platform-tests DedicatedWorker should reject script w/o COEP when its parent has COEP [1] is changing how COEP is set to (dedicated) worker top-level scripts. Before the change it inherited the parent policy. After the change it gets the policy from the HTTP headers in the response, but the loading is blocked when the parent has COEP: require-corp but the child doesn't have COEP: require-corp. As described in [2], this can be solved by a project called PlzDedicatedWorker, but it will take time to ship it. As a short-term fix, this implements the blocking part. No reporting is implemented. This fix is important because this is a breaking change. We would like to land this by M83. 1: WICG/cross-origin-embedder-policy#13 2: https://docs.google.com/document/d/1eB34zYLuQHshN_Tt8BbLSehHyvxqWupVdB09CCbn7g4/edit Bug: 1064920 Change-Id: I55fa951f18692d642c747cff168d8239de69efb6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2126652 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#755782} -- wpt-commits: 9446a9251cd68c7abdee377fe5a9ad8f40db5c44 wpt-pr: 22526
@mikewest PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with some nits. I apologize for the delayed response, and thank you again for your ping yesterday.
To <dfn abstract-op>check a global object's embedder policy</dfn>, given a [=global object=] | ||
(|global|), a [=environment settings object=] (|owner|) and a [=request=] (|request|), then | ||
|
||
1. If |global| is a {{SharedWorkerGlobalScope}} or |global| is a {{ServiceWorkerGlobalScope}}, then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is fine for this patch, but do we really want to punt entirely on SharedWorker
/ServiceWorker
? I wonder if we need to do something to ensure that they can't be used as bridges between COEP and non-COEP pages?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the difference is that SharedWorker/ServiceWorker forms its own browser context group but DedicatedWorker doesn't.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They form their own agent cluster and more importantly don't have a single owner.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Browsing context groups are only for holding top-level browsing contexts and agent clusters whose "root agent" is a window agent.
Co-Authored-By: Mike West <mike@mikewest.org>
Co-Authored-By: Mike West <mike@mikewest.org>
Thank you! |
Stop inheriting owner's policy, and use response's policy instead. Also
add a check to keep the invariance that when owner's COEP is
"require-corp" then the dedicated worker's COEP must also be
"require-corp".
Fixes whatwg/html#4924.