Closed Bug 1319031 Opened 8 years ago Closed 7 years ago

Shouldn't propagate origin attributes to the new window in rel="noopener"

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox53 --- affected

People

(Reporter: allstars.chh, Assigned: allstars.chh)

References

(Blocks 1 open bug)

Details

(Whiteboard: [OA][tor][domsecurity-backlog1]) 

Right now in a container tab or in a tab with firstPartyIsolation is enabled, the new created window from window.open will inherit the origin attributes from the opener.

Should we use the default OA when the rel="noopener" is specified?
I think we should keep the same OA because otherwise a website can use this rel="noopener" to see if you have first party isolation.
Whiteboard: [OA] [tor] [domsecurity-backlog1]
Summary: Shouldn't propage origin attributes to the new window in rel="noopener" → Shouldn't propagate origin attributes to the new window in rel="noopener"
Whiteboard: [OA] [tor] [domsecurity-backlog1] → [OA][tor][domsecurity-backlog1]
The usercontextId should propogate to the new window, but firstPartyDomain should not.
Private Mode should propagate.
Priority: -- → P3
So most attributes are okay, and for firstPartyDomain we will focus on Bug 1321158 first.
Close this as WONTFIX.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
(In reply to Yoshi Huang[:allstars.chh] from comment #4)
> So most attributes are okay, and for firstPartyDomain we will focus on Bug
> 1321158 first.
> Close this as WONTFIX.

Thanks for confirming all of these. :)
You need to log in before you can comment on or make changes to this bug.