Shouldn't propagate origin attributes to the new window in rel="noopener"

RESOLVED WONTFIX

Status

()

Core
DOM: Security
P3
normal
RESOLVED WONTFIX
2 years ago
2 years ago

People

(Reporter: allstars, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
Points:
---

Firefox Tracking Flags

(firefox53 affected)

Details

(Whiteboard: [OA][tor][domsecurity-backlog1])

Right now in a container tab or in a tab with firstPartyIsolation is enabled, the new created window from window.open will inherit the origin attributes from the opener.

Should we use the default OA when the rel="noopener" is specified?
I think we should keep the same OA because otherwise a website can use this rel="noopener" to see if you have first party isolation.

Updated

2 years ago
Whiteboard: [OA] [tor] [domsecurity-backlog1]
(Assignee)

Updated

2 years ago
Summary: Shouldn't propage origin attributes to the new window in rel="noopener" → Shouldn't propagate origin attributes to the new window in rel="noopener"

Updated

2 years ago
Whiteboard: [OA] [tor] [domsecurity-backlog1] → [OA][tor][domsecurity-backlog1]

Comment 2

2 years ago
The usercontextId should propogate to the new window, but firstPartyDomain should not.

Comment 3

2 years ago
Private Mode should propagate.
(Assignee)

Updated

2 years ago
No longer blocks: 1191418

Updated

2 years ago
Priority: -- → P3
So most attributes are okay, and for firstPartyDomain we will focus on Bug 1321158 first.
Close this as WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX

Comment 5

2 years ago
(In reply to Yoshi Huang[:allstars.chh] from comment #4)
> So most attributes are okay, and for firstPartyDomain we will focus on Bug
> 1321158 first.
> Close this as WONTFIX.

Thanks for confirming all of these. :)
You need to log in before you can comment on or make changes to this bug.