Isolate COOP sites using Android Fission
Categories: Core :: DOM: Content Processes, enhancement
People: Reporter: cpeterson, Unassigned
References: Depends on 1 open bug
Details: Whiteboard: [fission:android:m3]
Chrome [92] will now trigger Site Isolation based on the new Cross-Origin-Opener-Policy (COOP) response header. Supported since Chrome 83, this header allows operators of security-conscious websites to request a new browsing context group for certain HTML documents.
...
Site Isolation will treat non-default values of the COOP header on any document as a signal that the document's underlying site may have sensitive data and will start isolating such sites. Thus, site operators who wish to ensure their sites are protected by Site Isolation on Android can do so by serving COOP headers on their sites.
Implementing COOP site isolation in Gecko depends on the site isolation policy pref from bug 1723797.
Agi asked if COOP site isolation could land in Nightly 93 or 94.
Comment 1 (Reporter) • 3 months ago
Nika, does isolating COOP sites block Android Fission or depend on it?
Comment 2 • 3 months ago
This depends on Android Fission, as effectively my understanding of what they did was mark sites which load with COOP specified as "high-value". We copy this somewhat for our high-value tracking with the high value coop permission: https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/netwerk/protocol/http/HttpBaseChannel.cpp#2679-2680.
I'm not sure there's much else to do here once we've enabled android fission with the high-value handling enabled.
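
The header signal quoted in the bug description, sketched as an added example (not part of this bug, and not Gecko or Chrome code): it decides whether a response carries a non-default COOP value and lists the hosts that would therefore be flagged. The function names and sample responses are constructed; treating `https` as "secure context" and using the host in place of the site are simplifying assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_COOP = "unsafe-none"
# COOP values defined by the HTML standard when this bug was filed.
KNOWN_COOP = {"unsafe-none", "same-origin-allow-popups", "same-origin"}


def effective_coop(url, headers):
    """Return the COOP value a browser would apply to this response."""
    # COOP is ignored outside secure contexts (assumption: https == secure).
    if urlsplit(url).scheme != "https":
        return DEFAULT_COOP
    # Header names are case-insensitive.
    raw = next((v for k, v in headers.items()
                if k.lower() == "cross-origin-opener-policy"), None)
    if raw is None:
        return DEFAULT_COOP
    # The value is a case-sensitive token, optionally followed by
    # parameters such as ;report-to="group". Anything else is the default.
    token = raw.split(";", 1)[0].strip()
    return token if token in KNOWN_COOP else DEFAULT_COOP


def signals_isolation(url, headers):
    """True when the response carries a non-default COOP value."""
    return effective_coop(url, headers) != DEFAULT_COOP


def isolated_hosts(responses):
    """Hosts (stand-in for sites) with at least one non-default COOP document."""
    return sorted({urlsplit(url).hostname
                   for url, headers in responses
                   if signals_isolation(url, headers)})


# Constructed sample responses: (URL, response headers).
SAMPLE_RESPONSES = [
    ("https://bank.example/login", {"Cross-Origin-Opener-Policy": "same-origin"}),
    ("https://mail.example/", {"cross-origin-opener-policy":
                               'same-origin-allow-popups; report-to="coop"'}),
    ("https://blog.example/", {"Cross-Origin-Opener-Policy": "unsafe-none"}),
    ("https://typo.example/", {"Cross-Origin-Opener-Policy": "Same-Origin"}),
    ("http://plain.example/", {"Cross-Origin-Opener-Policy": "same-origin"}),
    ("https://none.example/", {}),
]

if __name__ == "__main__":
    print(isolated_hosts(SAMPLE_RESPONSES))
```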