Closed Bug 1574000 Opened 1 year ago Closed 5 months ago

Obtaining COOP only works over a secure context

Categories

(Core :: DOM: Networking, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: juhsu, Assigned: juhsu)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

The bug is for semi-formal spec change here
https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e

Please see
https://w3c.github.io/webappsec-secure-contexts/#is-settings-object-contextually-secure

Since we only consider Cross-Origin-Opener-Policy for toplevel document loads, no need to worry about neither sandbox nor parent browsing context.

Hence, the following item is the only thing we need to check

3.1.5.5 document’s active sandboxing flag set does not include the sandboxed origin browsing context flag, and §3.2 Is origin potentially trustworthy? returns "Not Trustworthy" when executed upon settings’s origin.

Nhi, please find a new assignee for this while Junior is out.

Flags: needinfo?(nhnguyen)

Junior will resume this work as discussed.

Flags: needinfo?(nhnguyen)
Pushed by juhsu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9c5d1947a72e
Obtain COOP only over a secure context r=nika,bzbarsky
Blocks: resab
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in before you can comment on or make changes to this bug.