uazo / cromite

Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!
https://www.cromite.org/
GNU General Public License v3.0
2.98k stars 68 forks

Partition PostMessage API by storage key #1232

Open uazo opened 1 month ago

uazo commented 1 month ago

Preliminary checklist

Is your feature request related to privacy?

Yes

Is there a patch available for this feature somewhere?

No, but there is an issue: https://issues.chromium.org/issues/40737536

Describe the solution you would like

Currently, it seems that Blink code allows communication between third-party iframes and top frames, even cross-partition, even with an opaque source.

As stated by the Chromium team:

This enables cross-site communication that links users' identities
across sites and perpetuates cross-site tracking.

It is necessary to understand what has been done and what needs to be changed.

Describe alternatives you have considered

n/a

uazo commented 1 month ago

step 1: