Open Bug 1914564 Opened 1 year ago Updated 1 month ago

NS_ERROR_DOM_COOP_FAILED

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Version:
Firefox 129
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: biscpefp67, Unassigned)

Details

Attachments

(1 file)

NS_ERROR_DOM_COOP_FAILED.mp4
349.09 KB, video/mp4
Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Steps to reproduce:

  • Search for for video on duckduckgo.com
  • Click on any youtube.com result
  • duckduckgo gives you the choice to "View here" or "View on Youtube"
  • Select "View here"
  • After playback of video starts, click on youtube logo in the video

Actual results:

  • Youtube.com will be opened in a new tab but site will be reported as "blocked"
  • Network analysis reports a NS_ERROR_DOM_COOP_FAILED failure

Expected results:

Youtube.com shoudn't be blocked

(Can be reproduced on macOS and Windows 11)

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core

BTW: The created tab blocks during its life span not only requests to youtube.com, but also further Google domains e.g. google.com, google.de, etc...

Eden and Valentin have touched this code (HttpBaseChannel.cpp) for COOP errors. Tentatively moving to DOM

Component: Networking → DOM: Core & HTML
Flags: needinfo?(valentin.gosu)
Flags: needinfo?(echuang)

I tested with Chrome 128.0.6613,84 and Safari 17.6 (19618.3.11.11.5), and got the same result with Firefox.

And the response's cross-origin-opener-policy header is "same-origin-allow-popups"

And we return NS_ERROR_DOM_COOP_FAILED here
https://searchfox.org/mozilla-central/rev/490a1df802d8872f996f8ef4093d54e3c854c8f9/netwerk/protocol/http/HttpBaseChannel.cpp#2751-2759

As Steffen mentioned in comment 2, this is because the new tab inherited the restriction from the sandbox iframe.

This is still an open issue on the spec. https://github.com/whatwg/html/issues/6356.

Keeping this bug open as p3/s3 to tracking the spec discussion and implementation.

Severity: -- → S3
Flags: needinfo?(valentin.gosu)
Flags: needinfo?(echuang)
Priority: -- → P3

Asking here before filing a new bug: I can get it consistently when clicking on a LinkedIn link in resumes from Greenhouse. Every time I need to copy the link, and paste it in a new tab.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: