Use structured field value parser for COOP and COEP
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox82 | --- | fixed |
People
(Reporter: agektmr, Assigned: valentin)
References
(Blocks 4 open bugs)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4100.0 Safari/537.36
Steps to reproduce:
Go to https://first-party-test.glitch.me/?coep=require-corp
This website demonstrates how COOP and COEP works. In this state, following header is attached:
cross-origin-embedder-policy: require-corp
In the UI, check 'Reporting' checkbox at the top to enable reporting feature. Following COEP header will be received:
cross-origin-embedder-policy: require-corp; report-to="coep"
Actual results:
COEP is ignored and cross-origin resources are loaded and displayed.
Expected results:
Even though reporting api is not implemented in Firefox yet, it should ignore the report-to annotation and block the cross-origin resources without CORP / CORS.
|
||
Updated•4 years ago
|
|
||
Comment 1•4 years ago
|
||
Eiji, I agree that we should probably do this, are you aware of WPT parser tests here? It would be good to have extensive coverage before attempting to change this. (Same for COOP I suppose.)
Valentin, let's use this as tracking bug for that parser issue I mentioned.
Jens, we might need to do this before shipping. Not marking as a blocker for now, but it would probably be good to have this covered as otherwise sites that deploy with reporting would not get their policy enforced in Firefox.
|
||
Updated•4 years ago
|
|
||
Comment 2•4 years ago
|
||
Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is P3 (Backlog,) indicating it has been triaged, the bug's Severity is being updated to S3 (normal.)
|
|
||
Comment 3•4 years ago
|
||
The moment we have a structured field value parser (see bug 1631722) we should start using it for COOP and COEP.
|
|
||
Comment 4•4 years ago
|
||
New parsing tests are almost ready:
- https://github.com/web-platform-tests/wpt/pull/20873 (COOP)
- https://github.com/web-platform-tests/wpt/pull/20852 (COEP)
Valentin, is this something you can pick up? Hopefully it's relatively straightforward now we have a structured field value library?
|
Assignee | |
Comment 5•4 years ago
|
||
Yes. I already wrote the patch for COOP. COEP should be easy too.
|
|
Assignee | |
Comment 6•4 years ago
|
||
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/ad066d1a0def Use structured field value parser for COOP and COEP r=kershaw,annevk,necko-reviewers
Backout by malexandru@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/02450e51825b Backed out changeset ad066d1a0def for causing wpt failures in header-parsing.https.html
|
||
Comment 9•4 years ago
|
||
Backed out changeset ad066d1a0def (Bug 1626486) for causing wpt failures in header-parsing.https.html
Backout link: https://hg.mozilla.org/integration/autoland/rev/02450e51825b2fed16cb3be00c811afe97c8ff92
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=314457074&repo=autoland&lineNumber=2478
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 10•4 years ago
|
||
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/b78a4c92aae2 Use structured field value parser for COOP and COEP r=kershaw,annevk,necko-reviewers
|
||
Comment 11•4 years ago
|
||
| bugherder | ||
Description
•