Closed Bug 1574000 Opened 5 years ago Closed 5 years ago

Obtaining COOP only works over a secure context

Categories

(Core :: DOM: Networking, defect, P2)

Product:
Core
Component:
DOM: Networking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla71
Tracking Flags:
Tracking Status
firefox71 --- fixed

People

(Reporter: CuveeHsu, Assigned: CuveeHsu)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Bug 1574000 - Obtain COOP only over a secure context
47 bytes, text/x-phabricator-request
Details | Review

The bug is for semi-formal spec change here
https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e

Please see
https://w3c.github.io/webappsec-secure-contexts/#is-settings-object-contextually-secure

Since we only consider Cross-Origin-Opener-Policy for toplevel document loads, no need to worry about neither sandbox nor parent browsing context.

Hence, the following item is the only thing we need to check

3.1.5.5 document’s active sandboxing flag set does not include the sandboxed origin browsing context flag, and §3.2 Is origin potentially trustworthy? returns "Not Trustworthy" when executed upon settings’s origin.

Nhi, please find a new assignee for this while Junior is out.

Flags: needinfo?(nhnguyen)

Junior will resume this work as discussed.

Flags: needinfo?(nhnguyen)
Pushed by juhsu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9c5d1947a72e Obtain COOP only over a secure context r=nika,bzbarsky
Blocks: resab
Status: NEW → ASSIGNED

https://hg.mozilla.org/mozilla-central/rev/9c5d1947a72e

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: