Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTML: ensure serializing SharedArrayBuffer throws without COOP+COEP #17802

Merged
merged 1 commit into from Aug 6, 2019

Conversation

@annevk
Copy link
Member

annevk commented Jul 12, 2019

@annevk
Copy link
Member Author

annevk commented Jul 12, 2019

#17760 and #17761 should probably land first as otherwise we end up with contradictory state.

Copy link
Member

foolip left a comment

Can you add tests for when the "allow sidechannel attacks" flag is true?

Have you also searched for tests that already try to postMessage SABs? Those will need updating.

@annevk
Copy link
Member Author

annevk commented Jul 15, 2019

@foolip see the PRs I referenced and also #17690. This is part of a larger set of changes that addresses those concerns.

@foolip
Copy link
Member

foolip commented Jul 15, 2019

@annevk I see, that's being tracked then.

@foolip
foolip approved these changes Jul 15, 2019
@annevk annevk merged commit aecedb5 into master Aug 6, 2019
12 checks passed
12 checks passed
manifest-build-and-tag manifest-build-and-tag
Details
website-build-and-publish website-build-and-publish
Details
wpt.fyi - chrome[experimental] Chrome results
Details
wpt.fyi - firefox[experimental] Firefox results
Details
wpt.fyi - safari[experimental] Safari results
Details
Azure Pipelines Build #20190712.37 succeeded
Details
Azure Pipelines (./wpt test-jobs) ./wpt test-jobs succeeded
Details
Azure Pipelines (affected tests without changes: Safari Technology Preview) affected tests without changes: Safari Technology Preview succeeded
Details
Azure Pipelines (affected tests: Safari Technology Preview) affected tests: Safari Technology Preview succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests) wpt.fyi hook: safari-preview-affected-tests succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests-without-changes) wpt.fyi hook: safari-preview-affected-tests-without-changes succeeded
Details
Taskcluster (pull_request) TaskGroup: success
Details
@annevk annevk deleted the annevk/sab-throws-without-coop-coep branch Aug 6, 2019
annevk added a commit to whatwg/html that referenced this pull request Jun 29, 2020
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side).

This change also:

* Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons.
* Gates SharedArrayBuffer sharing behind that primitive.
* Exposes it through self.crossOriginIsolated.
* Makes document.domain return before it mutates the origin.
* Makes agent clusters keyed on origin.

Tests:

* web-platform-tests/wpt#17719
* web-platform-tests/wpt#17760
* web-platform-tests/wpt#17761
* web-platform-tests/wpt#17802
* web-platform-tests/wpt#17909
* web-platform-tests/wpt#18543
* web-platform-tests/wpt#20116
* web-platform-tests/wpt#22358

Closes #4732. Closes #5122. Closes #5444.

Follow-up: #5435.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.