COOP: Navigations to non-initial about:blank #6913
Labels
topic: cross-origin-opener-policy
Issues and ideas around the new "inverse of rel=noopener" header.
Comments
|
cc @camillelamy |
|
Yes this is not currently well defined in the spec. We're working on the inheritance problem as part of the PolicyContainer effort. We do plan to move COOP to be in the PolicyContainer, and integrate it with the COOP check during navigate a fetch. This should spec the inheritance of COOP as expected in the WPT test. The behavior of the WPT is really what we want to have at the end. |
annevk
added
the
topic: cross-origin-opener-policy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I found the following comment in html/cross-origin-opener-policy/navigate-to-aboutblank.https.html WPT test:
For the first subtest in the test, we have:
The subtest does not expect a browsing context group switch, which I find a bit surprising based on the specification.
Let's consider the final navigation to non-initial "about:blank):
From navigate a fetch (Step 12.5.5):
I believe this would set responseOrigin to origin A (resolved from incumbentNavigationOrigin).
Then step 12.5.6.1 says:
I believe this would set responseCOOP to 'unsafe-none', no? Since I don't expect the response for about:blank to contain any COOP HTTP header.
If so, this would mean that step 12.5.6.3 would call 'enforcing the response's cross-origin opener policy' and we would decide to do a browsing context group switch. This is because activeDocumentCOOPValue != responseCOOPValue and activeDocumentCOOPValue would be 'same-origin' here.
Am I misinterpreting the spec or is there some text missing in the spec to inherit the responseCOOP from the navigation requester's top document COOP?
The text was updated successfully, but these errors were encountered: