Right now in a container tab or in a tab with firstPartyIsolation is enabled, the new created window from window.open will inherit the origin attributes from the opener. Should we use the default OA when the rel="noopener" is specified?
I think we should keep the same OA because otherwise a website can use this rel="noopener" to see if you have first party isolation.
Summary: Shouldn't propage origin attributes to the new window in rel="noopener" → Shouldn't propagate origin attributes to the new window in rel="noopener"
Whiteboard: [OA] [tor] [domsecurity-backlog1] → [OA][tor][domsecurity-backlog1]
The usercontextId should propogate to the new window, but firstPartyDomain should not.
Private Mode should propagate.
So most attributes are okay, and for firstPartyDomain we will focus on Bug 1321158 first. Close this as WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
(In reply to Yoshi Huang[:allstars.chh] from comment #4) > So most attributes are okay, and for firstPartyDomain we will focus on Bug > 1321158 first. > Close this as WONTFIX. Thanks for confirming all of these. :)
You need to log in before you can comment on or make changes to this bug.