Open Bug 1723801 Opened 3 years ago Updated 3 months ago

Isolate COOP sites using Android Fission

Categories

(Core :: DOM: Content Processes, enhancement)

Product:
Core
Component:
DOM: Content Processes
Platform:
All
Android
Type:
enhancement

Tracking

()

People

(Reporter: cpeterson, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [fission:android:m3])

Google announced:

Chrome [92] will now trigger Site Isolation based on the new Cross-Origin-Opener-Policy (COOP) response header. Supported since Chrome 83, this header allows operators of security-conscious websites to request a new browsing context group for certain HTML documents.
...
Site Isolation will treat non-default values of the COOP header on any document as a signal that the document's underlying site may have sensitive data and will start isolating such sites. Thus, site operators who wish to ensure their sites are protected by Site Isolation on Android can do so by serving COOP headers on their sites.

Implementing COOP site isolation in Gecko depends on the site isolation policy pref from bug 1723797.

Agi asked if COOP site isolation could land in Nightly 93 or 94.

No longer blocks: 1729640

Nika, does isolating COOP sites block Android Fission or depend on it?

Depends on: gv-fission
Flags: needinfo?(nika)

This depends on Android Fission, as effectively my understanding of what they did was mark sites which load with COOP specified as "high-value". We copy this somewhat for our high-value tracking with the high value coop permission: https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/netwerk/protocol/http/HttpBaseChannel.cpp#2679-2680.

I'm not sure there's much else to do here once we've enabled android fission with the high-value handling enabled.

Flags: needinfo?(nika)
Blocks: gv-fission
No longer depends on: gv-fission
No longer blocks: gv-fission
Depends on: gv-fission
You need to log in before you can comment on or make changes to this bug.