Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

COOP and HTTPS state "deprecated" #5669

Closed
domenic opened this issue Jun 24, 2020 · 0 comments
Closed

COOP and HTTPS state "deprecated" #5669

domenic opened this issue Jun 24, 2020 · 0 comments
Assignees
@domenic
Labels
security/privacy There are security or privacy implications topic: cross-origin-opener-policy Issues and ideas around the new "inverse of rel=noopener" header

Comments

@domenic
Copy link
Member

domenic commented Jun 24, 2020

c9fddd7 introduced COOP with the secure context check using "Is url potentially trustworthy?". This gives the wrong answer for cases where the environment's HTTPS state is "deprecated".

#5659 can provide the foundation to fix this, allowing us to check the environment, instead of the URL.
@domenic domenic added security/privacy There are security or privacy implications topic: cross-origin-opener-policy Issues and ideas around the new "inverse of rel=noopener" header labels Jun 24, 2020
@domenic domenic mentioned this issue Jun 24, 2020
Merged
@domenic domenic self-assigned this Jun 24, 2020
domenic added a commit that referenced this issue Jun 24, 2020
@domenic
Update COOP to use new "secure context" definition
0ce158b 
Fixes #5669. This also fixes existing mismatched parameter passing to
the "obtain a cross-origin opener policy" algorithm.
domenic added a commit that referenced this issue Jun 25, 2020
@domenic
Update COOP secure context checking
c4657eb 
Fixes #5669. This also fixes existing mismatched parameter passing to
the "obtain a cross-origin opener policy" algorithm.
mfreed7 pushed a commit to mfreed7/html that referenced this issue Sep 11, 2020
@domenic @mfreed7
Update COOP secure context checking
b797497 
Fixes whatwg#5669. This also fixes existing mismatched parameter passing to
the "obtain a cross-origin opener policy" algorithm.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@domenic domenic

Labels
security/privacy There are security or privacy implications topic: cross-origin-opener-policy Issues and ideas around the new "inverse of rel=noopener" header
Milestone
No milestone
Development

No branches or pull requests
1 participant
@domenic