diff --git a/source b/source index c8972b4e2ab..5d8fe00f9d8 100644 --- a/source +++ b/source @@ -2543,6 +2543,8 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • `Content-Language` header
  • `Last-Modified` header
  • `Referer` header
    • +
  • `Structured headers'
    • +
  • `Structured header tokens'

    • The following terms are defined in HTTP State Management Mechanism:

    @@ -2610,6 +2612,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • url list
  • status
  • header list
    • +
  • getting a structured header
  • body
  • internal response
  • CSP list
    • @@ -4020,6 +4023,23 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • start an idle period algorithm
    • + +
    Cross-Origin Embedder Policy
    + +
    +

    The following features are defined in Cross-Origin Embedder Policy:

    + + +
    +
    @@ -8985,6 +9005,10 @@ partial interface Document { data-x="concept-document-module-map">module map, which is a module map, initially empty.

    +

    The Document has a cross-origin opener policy, which is a cross-origin + opener policy, initially "unsafe-none".

    +

    The DocumentOrShadowRoot interface

    DOM defines the setting up a window environment settings object given realm execution context and topLevelOrigin.

    +

  • Let coop be "unsafe-none".

    • + +

  • If creator is non-null and creator's origin is + same origin with creator's relevant settings object's + top-level origin, then set coop to creator's top-level + browsing context's active document's cross-origin opener policy.

    • +

  • Let document be a new Document, marked as an HTML document in quirks mode, whose content type is "text/html", origin is origin, active sandboxing flag set is sandboxFlags, feature policy is - feature policy, and which is both ready for post-load tasks and - completely loaded immediately.

    • + feature policy, cross-origin opener policy + is coop, and which is both ready for post-load tasks and completely + loaded immediately.

  • Ensure that document has a single child html node, which itself has two empty child nodes: a head element, and a body element.

    • @@ -76999,6 +77032,13 @@ console.assert(iframeWindow.frameElement === null); keys to agent clusters). User agents are responsible for collecting agent clusters when it is deemed that nothing can access them anymore.

    +

    A browsing context group has a cross-origin isolated boolean. It is initially false.

    + +

    The impact of cross-origin + isolated is under discussion in issue + #4734.

    +

    To create a new browsing context group, run these steps:

    @@ -77297,6 +77337,29 @@ console.assert(iframeWindow.frameElement === null);
      +
    1. +

      If current's top-level browsing context's active + document's cross-origin opener policy is + "same-origin" or "same-origin-plus-COEP", + then:

      + +
        +

      1. Let currentDocument be current's active + document.

        2. + +
      2. +

        If currentDocument's origin is not same origin + with currentDocument's relevant settings object's top-level + origin, then set noopener to true and name to "_blank".

        + +

        In the presence of a cross-origin opener policy, nested + documents that are cross-origin with their top-level browsing context's active document, + always set noopener to true.

        +
        3. +
      +
      2. +

    2. Set new to true.

    3. If noopener is true, then set chosen to the result @@ -79731,6 +79794,177 @@ interface BarProp { +

      Cross-origin opener policies

      + +

      A cross-origin opener policy allows a document which is navigated to in a + top-level browsing context to force the creation of a new top-level browsing + context and its group. It has one of the following + values:

      + +
      +
      "unsafe-none"
      +

      This is the (current) default and means that the document will occupy the same + top-level browsing context as its predecessor, unless that document specified a + different cross-origin opener policy.

      + +
      "same-origin-allow-popups"
      +

      This forces the creation of a new top-level browsing context for the + document, unless its predecessor specified the same cross-origin opener policy and + they are same origin.

      + +
      "same-origin"
      +

      This is equivalent to "same-origin-allow-popups". Additionally, any + auxiliary browsing context created needs to contain same origin + documents that also have the same cross-origin opener policy or it will appear + closed to the opener.

      + +
      "same-origin-plus-COEP"
      +
      +

      This is equivalent to "same-origin". Additionally, it sets the (new) + top-level browsing context's group's cross-origin isolated to true.

      + +

      "same-origin-plus-COEP" cannot be directly set via the + `Cross-Origin-Opener-Policy` header, but + results from a combination of setting both Cross-Origin-Opener-Policy: same-origin and Cross-Origin-Embedder-Policy: require-corp together.

      +
      +
      + +

      To obtain a cross-origin opener policy from a response response and an environment + environment:

      + +
        +

      1. Let securityState be the result of executing Is environment + settings object a secure context? on environment.

        2. + +

      2. If securityState is "Not Secure", then return "unsafe-none".

        3. + +

      3. Let parsedValue be the result of getting a structured header + from response's header list given + name `Cross-Origin-Opener-Policy` and type + "item".

        4. + +

      4. If parsedValue is failure or null, then return "unsafe-none".

        5. + +

      5. If parsedValue bare item is not "same-origin" or "same-origin-allow-popups", then return "unsafe-none".

        6. + +
      6. +

        If parsedValue bare item is "same-origin", then:

        + +
          +

        1. Let coep be the result of obtaining a cross-origin embedder + policy from response.

          2. + +

        2. If coep is "require-corp", then return "same-origin-plus-COEP".

          3. +
        +
        7. + +

      7. Return parsedValue bare item.

        8. +
      + +

      To match cross-origin opener policies, given a + cross-origin opener policy A, an origin originA, a + cross-origin opener policy B, and an origin + originB:

      + +
        +

      1. If A is "unsafe-none" and B is "unsafe-none", then return true.

        2. + +

      2. If A or B is "unsafe-none", then return + false.

        3. + +

      3. If A is B and originA is same origin with + originB, then return true.

        4. + +

      4. Return false.

        5. +
      + +

      To obtain a browsing context to use for a + navigation response, given a response + response, a browsing context + browsingContext, a sandboxing flag set sandboxFlags, two origins activeDocumentNavigationOrigin, + incumbentNavigationOrigin, and a cross-origin opener policy + navigationCOOP:

      + +
        +

      1. Let incumbentCOOP be the + cross-origin opener policy of currentBrowsingContext's active + document.

        2. + +

      2. If the result of matching + incumbentCOOP, incumbentNavigationOrigin, + navigationCOOP and activeDocumentNavigationOrigin is true, return + browsingContext.

        3. + +
      3. +

        If all of the following are true:

        + +
          +

        • currentBrowsingContext's only entry in its session history is + the about:blank Document that was added when + browsingContext was created.

          • + +

        • activeDocumentCOOP is "same-origin-allow-popups".

          • + +

        • navigationCOOP is "unsafe-none".

          • +
        + +

        then return browsingContext.

        +
        4. + +

      4. Let newBrowsingContextGroup be the result of creating a new + browsing context group.

        5. + +

      5. If navigationCOOP is "same-origin-plus-COEP", then set + newBrowsingContextGroup cross-origin + isolated to true.

        6. + +

      6. Let newBrowsingContext be the result of creating a new browsingContext in newBrowsingContextGroup.

        7. + +
      7. +

        If sandboxFlags is not empty, then:

        +
          +

        1. Assert navigationCOOP is "unsafe-none".

          2. + +

        2. Set newBrowsingContext's sandboxing flag set to + sandboxFlags.

          3. +
        +
        8. + +
      8. +

        Discard + currentBrowsingContext.

        + +

        This does not close currentBrowsingContext's browsing context + group except if it was the sole top-level browsing context in which case it could be + collected

        +
        9. + +

      9. Return newBrowsingContext.

        10. +
      + +

      The impact of swapping browsing context groups following a navigation is not + defined. It is currently under discussion in issue 5350.

      + + +

      Session history and navigation

      The session history of browsing contexts

      @@ -82086,6 +82320,45 @@ interface Location { // but see also unsafe-none      ".

      4. + +
    4. +

      If browsingContext is a top-level browsing context, then:

      + +
        +

      1. Set navigationCOOP to the result of obtaining a + cross-origin opener policy given response and + reservedEnvironment.

        2. + +
      2. +

        If sandboxFlags is not empty and navigationCOOP is not "unsafe-none", then display the inline + content with an appropriate error shown to the user, with the newly created + Document object's origin set to a new opaque origin, run the environment discarding steps for reservedEnvironment, and + return.

        + +

        This results in a network error as one cannot simultaneously provide a clean + slate to a response using cross-origin opener policy and sandbox the result of navigating to + that response.

        +
        3. + +

      3. Let newBrowsingContext be the value of obtaining a browsing context for the navigation + response given response, browsingContext, sandboxFlags, + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and + navigationCOOP.

        4. + +

      4. Let browsingContextSwitch be false.

        5. + +

      5. If newBrowsingContext is not equal to browsingContext, then set + browsingContextSwitch to true.

        6. + +

      6. Set browsingContext to the value of newBrowsingContext.

        7. +
      +
      5. +

    5. If browsingContext's only entry in its session history is the initial about:blank Document that was added when browsingContext was created, and @@ -82129,8 +82402,9 @@ interface Location { // but see also type is type, content type is contentType, origin is origin, feature - policy is featurePolicy, and active sandboxing flag set is - finalSandboxFlags.

      6. + policy is featurePolicy, active sandboxing flag set is + finalSandboxFlags, and cross-origin opener + policy is navigationCOOP.

    6. If request is non-null, then set document's URL to request's @@ -115746,6 +116020,43 @@ interface External { +

      `Cross-Origin-Opener-Policy`

      + +

      This section describes a header for registration in the Permanent Message Header Field + Registry.

      + +

      The Cross-Origin-Opener-Policy HTTP + response header field allows a server to declare an opener policy for a given document. It is a + Structured Header whose value MUST be a token. Its ABNF is:

      + +

      Cross-Origin-Opener-Policy = sh-item

      + +

      Valid Cross-Origin-Opener-Policy values include "unsafe-none", "same-origin-allow-popups" and "same-origin".

      + +

      In order to support forward-compatibility with as-yet-unknown request types, user agents MUST + ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if + the value cannot be parsed as a sh-token.

      + +
      +
      Header field name:
      +
      Cross-Origin-Opener-Policy
      +
      Applicable protocol:
      +
      http
      +
      Status:
      +
      standard
      +
      Author/Change controller:
      +
      WHATWG
      +
      Specification document(s):
      +
      + This document is the relevant specification. +
      +
      Related information:
      +
      None.
      +
      +

      Index

      @@ -120274,6 +120585,9 @@ INSERT INTERFACES HERE
      [COMPUTABLE]
      (Non-normative) On computable numbers, with an application to the Entscheidungsproblem, A. Turing. In Proceedings of the London Mathematical Society, series 2, volume 42, pages 230-265. London Mathematical Society, 1937.
      +
      [COEP]
      +
      Cross-Origin Embedder Policy, M. West. WICG.
      +
      [COOKIES]
      HTTP State Management Mechanism, A. Barth. IETF.
      @@ -120446,6 +120760,7 @@ INSERT INTERFACES HERE
      Hypertext Transfer Protocol (HTTP/1.1): Range Requests, R. Fielding, Y. Lafon, J. Reschke. IETF.
      Hypertext Transfer Protocol (HTTP/1.1): Caching, R. Fielding, M. Nottingham, J. Reschke. IETF.
      Hypertext Transfer Protocol (HTTP/1.1): Authentication, R. Fielding, J. Reschke. IETF.
      +
      Structured Field Values for HTTP, M. Nottingham, Fastly, P-H. Kamp, The Varnish Cache Project. IETF.
      [INDEXEDDB]
      Indexed Database API, A. Alabbas, J. Bell. W3C.