[wpt-sync] Sync PR 31731 - [Fixit] Make sandbox + COOP break the opener.
Categories
(Core :: DOM: Core & HTML, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox96 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 31731 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/31731
Details from upstream follow.
Arthur Hemery <ahemery@chromium.org> wrote:
[Fixit] Make sandbox + COOP break the opener.
Sandbox flags and COOP cannot currently live on the same page. This was
decided when first implementing COOP. If COOP and sandboxing flags are
present on the same top level window, we return an error page instead,
and COOP has no effect.Exploits have been discovered recently about abusing an opened window
and history to be able to guess the cross-origin url using the history
API. See:
https://bugs.chromium.org/p/chromium/issues/detail?id=1208614Error pages were left out from the fix, because it would be inelegant
to insert error pages into history after a successful reload. That means
error pages can potentially be used to guess a cross-origin URL.If in general this is acceptable, in our case its worse for two reasons:
- COOP is used to protect pages that are usually more valuable or hold
important data.- It is possible to reach an error page after response without relying
on timing, etc.Therefore we'd like to sever the opener when we fail after receiving a
response, if the target page did set COOP. Basically we'd like to change
the spec to enforce COOP even when we fail because of COOP+sandbox.Spec discussion can be found here:
https://github.com/whatwg/html/issues/7345On the implementation side, this patch adds the WPTs necessary to the
spec change, and the modified behavior. We set the COOP value before
the Sandbox + COOP failure to have access to it in the policy container.
We update the policy container inheritance for error pages, to take into
account COOP if it was set. That breaks the invariant of having all
error pages use "unsafe-none".We only want error pages to sever their opener (and do things implied by
COOP), we never want them to end up in cross-origin isolated contexts.
We add an exception to the centralized computation of
WebExposedIsolationInfo to exclude error pages. They are never
considered cross-origin isolated.This does not alter the reload behavior, as this only happens for cases
where reloads would not be successful anyway.Bug: 1256823
Change-Id: Ic79623a2b752608bc46a031d1f567308441d42e0Reviewed-on: https://chromium-review.googlesource.com/3293412
WPT-Export-Revision: 11357d6ccb739dbd4cd3ac107c2db9f523885844
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=f20214fd6ed0c7bee22d84406fd9594831104ff2
Assignee | ||
Comment 2•2 years ago
|
||
CI Results
Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 2 subtests
Status Summary
Firefox
OK : 1
FAIL : 2
Chrome
OK : 1
FAIL : 2
Safari
TIMEOUT: 3
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
/html/cross-origin-opener-policy/coop-sandbox-cuts-opener.https.html
<iframe sandbox="allow-popups allow-scripts allow-same-origin"> Sandboxed Cross-Origin-Opener-Policy popup should cut the opener if necessary: FAIL (Chrome: FAIL, Safari: TIMEOUT)
<iframe sandbox="allow-popups allow-scripts"> Sandboxed Cross-Origin-Opener-Policy popup should cut the opener if necessary: FAIL (Chrome: FAIL, Safari: TIMEOUT)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c76d22e7f14d [wpt PR 31731] - [Fixit] Make sandbox + COOP break the opener., a=testonly https://hg.mozilla.org/integration/autoland/rev/4b775b074d17 [wpt PR 31731] - Update wpt metadata, a=testonly
Comment 4•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/c76d22e7f14d
https://hg.mozilla.org/mozilla-central/rev/4b775b074d17
Description
•