Add a new sandbox keyword, allow-unique-origin, that causes the rendered content to execute in a unique non-null origin.
The origin of a document sandboxed in this way will be sandbox:["$RANDOM_UUID","$PRECURSOR_ORIGIN"]. For example, if https://example.com set a CSP: sandbox allow-unique-origin header, then the origin of the document would be sandbox:["9138ee47-c4f7-4e30-8751-acf51834e3f6","https://example.com"]. Having a unique origin that contains the precursor origin makes it possible to implement a number of useful product features, such as checking the precursor origin when responding to CORS requests.
These sandboxed pages will have access to isolated new storage partitions with a lifetime scoped to the current page. This includes document.cookie, window.localStorage, window.caches, and more.
Since unique-origin documents are considered cross-origin (and cross-site) from the precursor origin (and every other origin), User Agents should process-isolate them whenever possible.
This proposal was discussed in W3C TPAC (slide and minutes).
@mikewest - as this was discussed at WebAppSec, do you think there's support for this to justify a new repo? (Or should this go as an issue on HTML or elsewhere, if it doesn't require a ton of incubation?)
Read the complete Explainer.
Feedback
I welcome feedback in this thread, but encourage you to file bugs against the Explainer.
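As an added illustration of the "check the precursor origin when responding to CORS requests" use case (example code written for this thread, not part of the proposal or of any browser implementation): the sandbox: serialization is still a proposal, so the parser below assumes the value arrives in the request's Origin header exactly as `sandbox:["<uuid>","<precursor origin>"]`. The server only echoes the unique origin back when the precursor is one it trusts, and it deliberately never sets Access-Control-Allow-Credentials, since the sandboxed document has its own page-lifetime storage partition and no ambient credentials to share.

```javascript
// Added example, not from the proposal. Assumes the proposed serialization
// sandbox:["<uuid>","<precursor origin>"] is what a sandboxed document sends
// in its Origin header. The "sandbox:" scheme is hypothetical (unshipped).

const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Parse an Origin header value of the proposed sandbox form.
// Returns { uuid, precursor } or null if the value is not a well-formed
// sandbox origin (ordinary origins, "null", and malformed input all yield null).
function parseSandboxOrigin(value) {
  if (typeof value !== "string" || !value.startsWith("sandbox:")) return null;
  let parsed;
  try {
    parsed = JSON.parse(value.slice("sandbox:".length));
  } catch {
    return null;
  }
  if (!Array.isArray(parsed) || parsed.length !== 2) return null;
  const [uuid, precursor] = parsed;
  if (typeof uuid !== "string" || !UUID_RE.test(uuid)) return null;
  if (typeof precursor !== "string") return null;
  // The precursor must itself be a serialized origin: scheme://host[:port]
  // with no path, query or fragment. Comparing against URL.origin also rejects
  // a nested "sandbox:" value, whose URL.origin is "null".
  let url;
  try {
    url = new URL(precursor);
  } catch {
    return null;
  }
  if (url.origin !== precursor) return null;
  return { uuid, precursor };
}

// Decide the CORS response headers for a request from `originHeader`.
// `allowedPrecursors` is a Set of serialized origins the server trusts to host
// sandboxed content. Returns the headers to add, or null to deny (the caller
// then falls through to its ordinary, non-sandbox CORS policy).
function corsHeadersFor(originHeader, allowedPrecursors) {
  const sb = parseSandboxOrigin(originHeader);
  if (sb === null) return null;
  if (!allowedPrecursors.has(sb.precursor)) return null;
  return {
    // Echo the exact unique origin; never "*" here, and never allow
    // credentials for a partitioned, page-lifetime origin.
    "Access-Control-Allow-Origin": originHeader,
    "Vary": "Origin",
  };
}

// Constructed sample values (the UUID is the one from the proposal text).
const SAMPLE_ORIGIN =
  'sandbox:["9138ee47-c4f7-4e30-8751-acf51834e3f6","https://example.com"]';
const TRUSTED = new Set(["https://example.com"]);

module.exports = { parseSandboxOrigin, corsHeadersFor, SAMPLE_ORIGIN, TRUSTED };
```

The precursor check is a policy decision, not authentication: the header is attacker-controlled like any Origin value, so the server is only deciding which sandboxed documents it is willing to talk to, and the browser still enforces the response on its side.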