Closed
Bug 1319031
Opened 8 years ago
Closed 7 years ago
Shouldn't propagate origin attributes to the new window in rel="noopener"
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
firefox53 | --- | affected |
People
(Reporter: allstars.chh, Assigned: allstars.chh)
References
(Blocks 1 open bug)
Details
(Whiteboard: [OA][tor][domsecurity-backlog1])
Right now in a container tab or in a tab with firstPartyIsolation is enabled, the new created window from window.open will inherit the origin attributes from the opener. Should we use the default OA when the rel="noopener" is specified?
Comment 1•8 years ago
|
||
I think we should keep the same OA because otherwise a website can use this rel="noopener" to see if you have first party isolation.
Updated•8 years ago
|
Whiteboard: [OA] [tor] [domsecurity-backlog1]
Assignee | ||
Updated•8 years ago
|
Summary: Shouldn't propage origin attributes to the new window in rel="noopener" → Shouldn't propagate origin attributes to the new window in rel="noopener"
Updated•8 years ago
|
Whiteboard: [OA] [tor] [domsecurity-backlog1] → [OA][tor][domsecurity-backlog1]
Comment 2•8 years ago
|
||
The usercontextId should propogate to the new window, but firstPartyDomain should not.
Comment 3•8 years ago
|
||
Private Mode should propagate.
Assignee | ||
Updated•8 years ago
|
No longer blocks: ContextualIdentity
Updated•7 years ago
|
Priority: -- → P3
Assignee | ||
Comment 4•7 years ago
|
||
So most attributes are okay, and for firstPartyDomain we will focus on Bug 1321158 first. Close this as WONTFIX.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Comment 5•7 years ago
|
||
(In reply to Yoshi Huang[:allstars.chh] from comment #4) > So most attributes are okay, and for firstPartyDomain we will focus on Bug > 1321158 first. > Close this as WONTFIX. Thanks for confirming all of these. :)
You need to log in
before you can comment on or make changes to this bug.
Description
•