Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Transition 'document-domain' feature to Document Policy #414

Closed
theblue888 opened this issue Dec 6, 2020 · 4 comments
Closed

Proposal: Transition 'document-domain' feature to Document Policy #414

theblue888 opened this issue Dec 6, 2020 · 4 comments

Comments

@theblue888
Copy link

This seems right to me. We should likely move/copy document-domain as well.

Originally posted by @mikewest in #410 (comment)
@clelland clelland changed the title This seems right to me. We should likely move/copy document-domain as well. Proposal: Transition 'document-domain' feature to Document Policy Dec 7, 2020
@clelland
Copy link
Collaborator

clelland commented Dec 7, 2020

(Updated the title to make it stand alone)

'document-domain' is currently defined in HTML and used in the domain setter steps.

We could move this to a Document Policy configuration point, but need to be aware of what it means to give different frame independent control over this feature. One of the original ideas was that disabling this would be a prerequisite for isolating origins in separate agent clusters: if two frames in the same tree, a.example.com and b.example.com, can never set their domain to be able to script each other, then they can be isolated on creation.

However, if they are allowed to set it independently, you can have a situation where Frame 1 (a.example.com) disables document.domain, Frame 2 (b.example.com) does not, and then a third frame (also at a.example.com) is created, which also does not disable it. That frame should be in the same agent cluster as Frame 1, since they are same origin, but at the same time, it could set domain to be able to script Frame 2 directly instead.

Moving to document policy is probably the right thing to do for this API, but it means that other mechanisms need to be used to declare isolation properties.

(I'm sure this has all been discussed before; I just want to make sure it's explicit here)

@annevk
Copy link
Member

annevk commented Dec 7, 2020

document.domain on its own was never quite sufficient for that as there is at least one other feature which has a wider scope. Origin Isolation (which might get renamed to Origin Agent Cluster) offers what you are looking for.

@mikewest
Copy link
Member

mikewest commented Dec 7, 2020

As Anne notes, disabling/enabling document.domain has little in itself to do with cluster assignment. I'd like it to be a distinct toggle, as that gives us a clear deprecation story. Document Policy seems like the current best place for that thing.

In your example, frame 2 and frame 3 would indeed be capable of colluding directly by not opting-out of document.domain (or, in a post-https://github.com/mikewest/deprecating-document-domain world, opting-into it). Until we get rid of the mechanism entirely, I think that's both fine and expected.

@clelland
Copy link
Collaborator

clelland commented Dec 6, 2022

Closing; this has been tried (in both locations) and removed from the relevant spec. #491 removes document-domain from the list of defined features.

@clelland clelland closed this as completed Dec 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mikewest @clelland @annevk @theblue888