Secure Context in bundles that don't have an origin? #763
Comments
|
Note that in "navigate-to-bundle" case, a browser doesn't use the URL of the resource in the bundle as Origin. For example if you drag-and-drop a bundle (e.g. The address bar: instead of The address bar: ( The each resource's URL is just appended to the bundle's URL. The bundle's resource can't claim its origin because the bundle is not signed. Note we don't have any plan to support a signed web bundle in "navigate-to-bundle" at this point. That's a hard unresolved problem. |
|
Thanks for your reply!
That makes sense. But, to be clear, this question was in regard to bundles that don't have a "real" origin - i.e. where a "dummy" origin like Is it not possible for originless web bundles to have a secure context - a bit like It seems like a bad idea to prevent standalone web bundles from using features like clipboard, geolocation, getUserMedia, accelerometer, bluetooth, storage, etc. My impression is that Apologies if I'm misunderstanding some important details here! |
We're in the process of prototyping "isolated apps", which are similar to what you describe here. You can find an explainer here: https://github.com/reillyeon/isolated-web-apps and more details on the integration with web bundles here: https://github.com/WICG/webpackage/blob/main/explainers/integrity-signature.md. |
|
@cmfcmf I'm super excited about that proposal! That said, I got the impression that Isolated Web Apps are very "locked down" and designed for super high-security use cases, at the cost of many conveniences that are normally taken for granted in web dev. I imagined that Web Bundles would be more like a regular website. But I might have gotten the wrong impression, since I didn't dive too deep when I looked into it. And just reading the README of Isolated Web Apps now I noticed this:
So if some of the harsher restrictions can be eased (e.g. inline script stuff, switching COEP header to |
That's fair! The fact that isolated apps lose a lot of convenience compared to regular websites is something we are aware of.
This could still become true. The fact that isolated apps happen to use web bundles in a more locked-down way doesn't mean that there couldn't be a future where web bundles are also used more similar to regular websites, but in an "exe" format, co-existing with the isolated app use case. I didn't want to suggest that isolated apps would fit this use case exactly, but rather bring them to your attention as something related (not realizing that you were already aware of the explainer). |
|
[Issue Triage] It seems we can close this. |
Regarding the "navigate-to-bundle" use case of web bundles, is it currently possible for a standalone, originless bundle to be considered a secure context by the browser, such that the web page could use geolocation and other sensitive features like that?
If not, are there specific security concerns that would need to be addressed before originless bundles could be considered secure contexts by browsers?
An increasingly large number of useful browser features are gated behind the secure context requirement, and so I think it's important that originless web bundles are able to access these features.
I'm not sure on the details of how this would work spec-wise or user-agent-wise, but it might have something to do with how
localhostis treated as a secure context? Just a random guess.The text was updated successfully, but these errors were encountered: