Closed Bug 1486836 (cowp) Opened 6 years ago Closed 5 years ago

Cross-Origin Window Policy (COWP)

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1521808

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

https://groups.google.com/a/chromium.org/forum/#!msg/isolation-policy/zueJF9ad20g/XYL_YXHgAwAJ
https://github.com/whatwg/html/issues/3740

COWP is a mechanism to break DOM access across windows.  Components of COWP have been proposed, however the final specification is not finalized. Proposals ahve included:

a) Severing window.open: Making window.opener and the result of window.open appear as if the referenced window was closed (.closed is true)

b) Severing iframes: Making an iframe's window.parent, and the embedding reference iframe.contentWindow, appear as if the referenced window was closed

c) Preventing navigation of referenced windows (window.parent, window.open, iframe.src)

d) Blocking (or selectively allowing) postMessage

e) Limiting or restricting the use of document.domain

f) Requiring setting CORP and/or X-Frame-Options to limit embedding/framing

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Updated

•

6 years ago

Updated

•

6 years ago

Component: DOM: Security → DOM

Andrew McCreight [:mccr8]

Updated

•

6 years ago

Priority: -- → P3

Neha Kochar [:neha]

Updated

•

5 years ago

Status: NEW → RESOLVED

Closed: 5 years ago

Resolution: --- → DUPLICATE

Nobody; OK to take it and work on it

Assignee

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Cross-Origin Window Policy (COWP)

Categories

(Core :: DOM: Core & HTML, defect, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated