Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[COOP] Fix noopener not being applied to same-origin-plus-coep cases #27759

Merged
merged 1 commit into from Mar 1, 2021

Conversation

@chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Feb 24, 2021

COOP requires that when a frame opens a popup, if that frame is
cross-origin with its top frame, and its top frame COOP value is
same-origin, that popup should be opened with noopener.
This fixes the case where we have COOP: same-origin plus COEP:
require-corp, in which case COOP.value will be same-origin-plus-coep.

This fix also corrects the sandbox crash reported initially in the
linked bug.
Indeed sandboxed iframes have an opaque origin, and are therefore cross
origin with their top frame. Applying noopener ensures the initial empty
document is not cross origin isolated, which was the root cause of the
crash (before this, the initial empty document had coop:unsafe-none, but
was cross origin isolated)

Bug: 1181673
Fixed: 1181673

Change-Id: Iaef658778ac25da0c84763b6115ff40c105e618a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2712945
Commit-Queue: Pâris Meuleman <pmeuleman@chromium.org>
Auto-Submit: Pâris Meuleman <pmeuleman@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Arthur Hemery <ahemery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858605}

Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

The review process for this patch is being conducted in the Chromium project.

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2712945 branch 2 times, most recently from 7fd129c to 5ed91ca Feb 25, 2021
@chromium-wpt-export-bot chromium-wpt-export-bot changed the title [CrossOriginIsolation] Fix failed navigation leads to browser crash [COOP] Fix noopener not being applied to same-origin-plus-coep cases Feb 25, 2021
@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2712945 branch 5 times, most recently from 6ff61f0 to 8d41416 Feb 25, 2021
COOP requires that when a frame opens a popup, if that frame is
cross-origin with its top frame, and its top frame COOP value is
same-origin, that popup should be opened with noopener.
This fixes the case where we have COOP: same-origin plus COEP:
require-corp, in which case COOP.value will be same-origin-plus-coep.

This fix also corrects the sandbox crash reported initially in the
linked bug.
Indeed sandboxed iframes have an opaque origin, and are therefore cross
origin with their top frame. Applying noopener ensures the initial empty
document is not cross origin isolated, which was the root cause of the
crash (before this, the initial empty document had coop:unsafe-none, but
was cross origin isolated)

Bug: 1181673
Fixed: 1181673

Change-Id: Iaef658778ac25da0c84763b6115ff40c105e618a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2712945
Commit-Queue: Pâris Meuleman <pmeuleman@chromium.org>
Auto-Submit: Pâris Meuleman <pmeuleman@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Arthur Hemery <ahemery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858605}
@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2712945 branch from 8d41416 to fee14c0 Mar 1, 2021
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit e8b8eeb into master Mar 1, 2021
24 checks passed
24 checks passed
update-pr-preview
Details
Azure Pipelines Build #20210301.51 succeeded
Details
Azure Pipelines (./wpt test-jobs) ./wpt test-jobs succeeded
Details
Azure Pipelines (affected tests without changes: Safari Technology Preview) affected tests without changes: Safari Technology Preview succeeded
Details
Azure Pipelines (affected tests: Safari Technology Preview) affected tests: Safari Technology Preview succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests) wpt.fyi hook: safari-preview-affected-tests succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests-without-changes) wpt.fyi hook: safari-preview-affected-tests-without-changes succeeded
Details
download-firefox-nightly Community-TC (pull_request)
Details
lint Community-TC (pull_request)
Details
sink-task Community-TC (pull_request)
Details
staging.wpt.fyi - chrome[experimental] Chrome results
Details
staging.wpt.fyi - firefox[experimental] Firefox results
Details
staging.wpt.fyi - safari[experimental] Safari results
Details
update-built Community-TC (pull_request)
Details
wpt-chrome-dev-results Community-TC (pull_request)
Details
wpt-chrome-dev-results-without-changes Community-TC (pull_request)
Details
wpt-chrome-dev-stability Community-TC (pull_request)
Details
wpt-decision-task Community-TC (pull_request)
Details
wpt-firefox-nightly-results Community-TC (pull_request)
Details
wpt-firefox-nightly-results-without-changes Community-TC (pull_request)
Details
wpt-firefox-nightly-stability Community-TC (pull_request)
Details
wpt.fyi - chrome[experimental] Chrome results
Details
wpt.fyi - firefox[experimental] Firefox results
Details
wpt.fyi - safari[experimental] Safari results
Details
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-2712945 branch Mar 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants