Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify behavior when the receiving page attempts to navigate itself #455

Closed
tidoust opened this issue Jun 19, 2018 · 3 comments
Closed

Clarify behavior when the receiving page attempts to navigate itself #455

tidoust opened this issue Jun 19, 2018 · 3 comments

Comments

@tidoust
Copy link
Member

tidoust commented Jun 19, 2018

Issue initially raised in #449 (comment)

In 6.6.1, the Presentation API spec says that, in receiving contexts, "The top-level browsing context MUST NOT be allowed to navigate itself", but it does not explain what is to happen if it attempts to do so.

Two main possibilities:

  1. Abort with a SecurityError.
  2. Close the receiving browsing context.

We should probably be doing 1. (see #449 (comment)): it is consistent with the navigate algorithm in HTML when the context is not "allowed to navigate" and is developer-friendly since it allows them to debug the situation. Problem is it is harder to implement and it does not match what Chrome is currently doing. Second possibility matches how Chrome currently behaves, is easier to implement, but makes it harder for developers to debug and is not consistent with the usual navigation algorithm.
@mfoltzgoogle
Copy link
Contributor

Spec comments:

  • Our spec should reference the allowed to navigate algorithm in HTML because we already referencing the sandboxed top-level navigation browsing context flag that is used by it.
  • However presentation receivers also block self-navigation, which has no equivalent in HTML. The spec should be clear this is an additional condition on top of HTML allowed to navigate.

Implementation comments:

  • Because there is no flag in HTML for the self-navigation case, aborting navigation or throwing is more challenging.
  • I don't see a strong use case for receiving user agents offering to open in a new window, but no reason to block it.
  • Therefore, in the spec I recommend that the behavior for blocked navigation SHOULD be consistent with HTML.

I can put together a PR along these lines for review.

In the long run, this requirement may be too restrictive. For example, in Chrome PWA's are allowed to self-navigate within their URL scope without showing an address bar. We should think about the tradeoffs here.

@mfoltzgoogle
Copy link
Contributor

Regarding Chrome's behavior specifically, filed https://crbug.com/949350 to improve the behavior here, but it's tricky.

@mfoltzgoogle mfoltzgoogle mentioned this issue Apr 4, 2019
Merged
@mfoltzgoogle
Copy link
Contributor

Closed by PR #461.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tidoust @mfoltzgoogle