search

mikewest / securer-contexts

Secure Contexts, but with _more_ secureness!
19 stars 2 forks source link

History and window.frames #2

Closed annevk closed 2 months ago

annevk commented 4 years ago

I don't really want to tie this directly to COOP+COEP since they are so close (though maybe a future version?), but I think we can do more than accept the status quo for these features. (Saying COOP+COEP is the best possible answer is similar to saying that X-Frame-Options is the best possible answer for them, no?)

E.g.,

  1. Only first-parties (origin-bound, as per COOP+COEP) can push to history. History API is a complete no-op for third-parties.
  2. You can no longer enumerate on WindowProxy. Instead there's a same-origin property that gives you all WindowProxy objects for your origin. frame.contentWindow, window.parent, and window.top should probably still be there, but might also be worthy of further scrutiny.

Any other such channels I overlooked should be tackled at the same time.

(In response to https://github.com/w3ctag/design-reviews/issues/471#issuecomment-582493248 as I didn't want to get too "off-topic".)

annevk commented 4 years ago

(I guess another channel is the load event as discussed at https://github.com/shivanigithub/http-cache-partitioning/issues/2#issuecomment-580282052 onward.)

mikewest commented 4 years ago

I doubt anyone things COOP/COEP is the "best possible" solution for much of anything. :)

I also didn't want to get too off-topic in that other thread, but was also thinking that changing the APIs was probably a more reasonable approach than applying [SecureContext=Isolation] to them, especially in the short-term.

The kinds of proposals you've sketched above seem pretty reasonable to me. I was thinking of worse things like splitting WindowProxy into CrossOriginWindowProxy and SameOriginWindowProxy; special-purpose APIs to pull same-origin data feels better. @arturjanc might also have some opinions about quick fixes that we could deploy at Google.

Perhaps we can move this issue to HTML, and get it done, regardless of what we do with [SecureContext]?

annevk commented 4 years ago

I filed https://github.com/whatwg/html/issues/5272 and https://github.com/whatwg/html/issues/5273 with this a tiny bit flushed out.

mikewest commented 2 months ago

Archiving this repo, closing this out in favor of the bugs you filed (that we unfortunately didn't make much progress on).