1610852 - `Cross-Origin-Opener-Policy: same-origin` header doesn't seem to force new BrowsingContext

Status: RESOLVED INVALID

(Core :: DOM: Navigation, defect, P3)

Description

[Alexandre Poirot [:ochameau]]

I'm not 100% confident my test page is correct:
http://techno-barje.fr/fission/header/
It just does this in php:

<?php
header("Cross-Origin-Opener-Policy: same-origin");
?>

But I would expect it to force the creation of a new BrowsingContext.

Here is my STR:

• ensure fission is enabled
• open mozilla.org
• open the browser console
• evaluate gBrowser.selectedBrowser.browsingContext.id to see what is the current BrowsingContext ID.
• navigate to http://techno-barje.fr/fission/header/
• re-evaluate gBrowser.selectedBrowser.browsingContext.id and see that the ID did not changed.

Is my test case wrong, or do we have an issue here?

Comment 1

[Olli Pettay [:smaug][bugs@pettay.fi]]

I don't know about the status of COOP implementation. Perhaps nika knows, or knows who knows?
If needed, this should block some COOP meta bug or so.

Comment 2

[Nika Layzell [:nika] (ni? for response)]

I don't work on the COOP/COEP stuff anymore, so I'm not up-to-date on what's going on, but this is surprising to me (assuming that the crossOriginOpenerPolicy pref is correctly enabled).

:valentin, can you look into this?

Comment 3

[Valentin Gosu [:valentin] (he/him)]

(In reply to Alexandre Poirot [:ochameau] from comment #0)

I'm not 100% confident my test page is correct:
http://techno-barje.fr/fission/header/
It just does this in php:

<?php
header("Cross-Origin-Opener-Policy: same-origin");
?>

• navigate to http://techno-barje.fr/fission/header/

COOP headers are only processed for secure contexts (HTTPS).
Please reopen the bug if you find the same happens with HTTPS. Thanks!