Content-Language` headerLast-Modified` headerReferer` headerStructured headers'Structured header tokens'The following terms are defined in HTTP State Management Mechanism:
@@ -2610,6 +2612,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attributeThe following features are defined in Cross-Origin Embedder Policy:
+ +The Document has a cross-origin opener policy, which is a cross-origin
+ opener policy.
DocumentOrShadowRoot interfaceDOM defines the setting up a window environment settings object given realm
execution context and topLevelOrigin.
Let coop be a new cross-origin opener policy.
If creator is non-null and creator's origin is + same origin with creator's relevant settings object's + top-level origin, then set coop to creator's top-level + browsing context's active document's cross-origin opener policy.
Let document be a new Document, marked as an HTML document in quirks mode, whose content type is "text/html",
origin is origin, active sandboxing flag set is
sandboxFlags, feature policy is
- feature policy, and which is both ready for post-load tasks and
- completely loaded immediately.
Ensure that document has a single child html node, which itself
has two empty child nodes: a head element, and a body element.
A browsing context group has a cross-origin isolated boolean. It is initially false.
+ +The impact of cross-origin + isolated is under discussion in issue + #4734.
+To create a new browsing context group, run these steps:
@@ -77297,6 +77343,29 @@ console.assert(iframeWindow.frameElement === null);If current's top-level browsing context's active
+ document's cross-origin opener policy's
+ value is "same-origin" or
+ "same-origin-plus-COEP", then:
Let currentDocument be current's active + document.
If currentDocument's origin is not same origin
+ with currentDocument's relevant settings object's top-level
+ origin, then set noopener to true and name to "_blank".
In the presence of a cross-origin opener policy, nested + documents that are cross-origin with their top-level browsing context's active document, + always set noopener to true.
+Set new to true.
If noopener is true, then set chosen to the result @@ -79731,6 +79800,549 @@ interface BarProp { +
A cross-origin opener policy allows a document which is navigated to in a + top-level browsing context to force the creation of a new top-level browsing + context and its group. The + cross-origin opener policy consists of:
+ +A cross-origin opener policy value
+ (value), initially "unsafe-none".
A string or null (reporting
+ endpoint), initially null.
A cross-origin opener policy value
+ (report only value), initially "unsafe-none".
A string or null (report only reporting endpoint), initially null.
The cross-origin opener policy value consists of the following:
+ +unsafe-none"This is the (current) default and means that the document will occupy the same + top-level browsing context as its predecessor, unless that document specified a + different cross-origin opener policy.
same-origin-allow-popups"This forces the creation of a new top-level browsing context for the + document, unless its predecessor specified the same cross-origin opener policy and + they are same origin.
same-origin"This is equivalent to "same-origin-allow-popups". Additionally, any
+ auxiliary browsing context created needs to contain same origin
+ documents that also have the same cross-origin opener policy or it will appear
+ closed to the opener.
same-origin-plus-COEP"This is equivalent to "same-origin". Additionally, it sets the (new)
+ top-level browsing context's group's cross-origin isolated to true.
"same-origin-plus-COEP" cannot be directly set via the
+ `Cross-Origin-Opener-Policy` header, but
+ results from a combination of setting both Cross-Origin-Opener-Policy: same-origin and Cross-Origin-Embedder-Policy: require-corp together.
To obtain a cross-origin opener policy from a response response and an environment + environment:
+ +Let policy be a new cross-origin opener policy.
Let securityState be the result of executing Is environment + settings object a secure context? on environment.
If securityState is "Not Secure", then return
+ policy.
Let parsedValue be the result of getting a structured header
+ from response's header list given
+ name `Cross-Origin-Opener-Policy` and type
+ "item".
If parsedValue is not failure and is not null, then:
If parsedValue bare item is "same-origin", then:
Let coep be the result of obtaining a cross-origin embedder + policy from response.
If coep's value is
+ "require-corp", then set policy value to "same-origin-plus-COEP".
Else, set policy value to "same-origin".
If parsedValue bare item is "same-origin-allow-popups",
+ then set policy value to "same-origin-allow-popups".
If parsedValue's parameters["report-to"] exists and it is a string, then set reporting endpoint to + parsedValue's parameters["report-to"].
Let parsedReportOnlyValue be the result of getting a structured header
+ from response's header list given
+ name `Cross-Origin-Opener-Policy-Report-Only`
+ and type "item".
If parsedReportOnlyValue is not failure and is not null, then:
If parsedReportOnlyValue bare item is "same-origin", then:
Let coep be the result of obtaining a cross-origin embedder + policy from response.
If coep's value is
+ "require-corp" or coep's report only value is "require-corp", then set policy report only value to "same-origin-plus-COEP".
Report only COOP also considers report only COEP to assign the special "same-origin-plus-coep" value. This allows developers more freedom in the
+ order of deployment of COOP and COEP.
Else, set policy report only
+ value to "same-origin".
If parsedReportOnlyValue bare item is "same-origin-allow-popups", then set policy report only value to "same-origin-allow-popups".
If parsedReportOnlyValue's parameters["report-to"] exists and it is a string, then set report only reporting endpoint to + parsedReportOnlyValue's parameters["report-to"].
Return policy.
To match cross-origin opener policies, given a cross-origin opener policy value A, an + origin originA, a >cross-origin opener + policy value B, and an origin originB:
+ +If A is "unsafe-none" and B is "unsafe-none", then return true.
If A or B is "unsafe-none", then return
+ false.
If A is B and originA is same origin with + originB, then return true.
Return false.
To check if a navigation requires + a browsing context group switch, given a boolean isInitialEmptyDocument, a + sandboxing flag set sandboxFlags, two origins + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and two cross-origin opener policy values + navigationCOOPValue, incumbentCOOPValue:
+ +If the result of matching
+ incumbentCOOPValue, incumbentNavigationOrigin,
+ navigationCOOPValue and activeDocumentNavigationOrigin is true, return
+ false.
If all of the following are true:
+ +isInitialEmptyDocument.
incumbentCOOPValue's value is "same-origin-allow-popups".
navigationCOOPValue is "unsafe-none".
then return false.
Return true.
To check if enforcing report only + COOP policies would require a browsing context group switch when navigating away from a COOP + page, given a boolean isInitialEmptyDocument, a sandboxing flag set + sandboxFlags, two origins + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and three cross-origin opener policy values + navigationCOOPValue, navigationCOOPReportOnlyValue, + incumbentCOOPReportOnlyValue:
+ +Let browsingContextGroupSwitchNeeded be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPValue and + incumbentCOOPReportOnlyValue.
If browsingContextGroupSwitchNeeded is false, return
+ false.
Let browsingContextGroupSwitchNeededReportOnly be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPReportOnlyValue and + incumbentCOOPReportOnlyValue.
+ +Matching report only policies allows a website to specify the same report only + Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations + between these pages.
+If browsingContextGroupSwitchNeededReportOnly is false,
+ return false.
Return true.
To check if enforcing report only + COOP policies would require a browsing context group switch when navigating to a COOP + page, given a boolean isInitialEmptyDocument, a sandboxing flag set + sandboxFlags, two origins + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and three cross-origin opener policy values + navigationCOOPReportOnlyValue, incumbentCOOPValue, + incumbentCOOPReportOnlyValue:
+ +Let browsingContextGroupSwitchNeeded be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPReportOnlyValue and + incumbentCOOPValue.
If browsingContextGroupSwitchNeeded is false, return
+ false.
Let browsingContextGroupSwitchNeededReportOnly be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPReportOnlyValue and + incumbentCOOPReportOnlyValue.
+ +Matching report only policies allows a website to specify the same report only + Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations + between these pages.
+If browsingContextGroupSwitchNeededReportOnly is false,
+ return false.
Return true.
To obtain a browsing context to use for a + navigation response, given a request + request, a response response, two + browsing contexts source and + browsingContext, a sandboxing flag set sandboxFlags, two origins activeDocumentNavigationOrigin, + incumbentNavigationOrigin, and a cross-origin opener policy + navigationCOOP:
+ +Let incumbentCOOP be the + cross-origin opener policy of currentBrowsingContext's active + document.
Let isInitialEmptyDocument be false. If
+ currentBrowsingContext's only entry in its session history is the
+ about:blank Document that was added when browsingContext was
+ created, set
+ isInitialEmptyDocument to true.
If navigationCOOP's report only
+ reporting endpoint is not null, then:
Let browsingContexGroupSwitchNeededReportOnly be the result of checking if enforcing report only COOP + policies would require a browsing context group switch when navigating to a COOP page, + given isInitialEmptyDocument, sandboxFlags, + activeDocumentNavigationOrigin, incumbentNavigationOrigin, + navigationCOOP's report only + value, incumbentCOOP's value, and + incumbentCOOP's report only + value.
If browsingContexGroupSwitchNeededReportOnly is true
+ and browsingContext's browsing context group's browsing context
+ set's size is strictly greater than 1, queue a violation report for
+ browsing context group switch when navigating to a COOP page with
+ navigationCOOP's report only
+ reporting endpoint, navigationCOOP's report only value, "reporting", response's URL, browsingContext's active
+ document's URL, and request's referrer.
If incumbentCOOP's report only
+ reporting endpoint is not null, then:
Let initialNavigationURL be a new empty URL.
If source and browsingContext are the same, set + initialNavigationURL to request's URL.
Let browsingContexGroupSwitchNeededReportOnly be the result of checking if enforcing report only + COOP policies would require a browsing context group switch when navigating away from a COOP + page, given isInitialEmptyDocument, sandboxFlags, + activeDocumentNavigationOrigin, incumbentNavigationOrigin, + navigationCOOP's value, + navigationCOOP's report only + value, and incumbentCOOP's report only value.
If browsingContexGroupSwitchNeededReportOnly is true
+ and browsingContext's browsing context group's browsing context
+ set's size is strictly greater than 1, Queue a violation report for
+ browsing context group switch when navigating away from a COOP page with
+ incumbentCOOP's report only
+ reporting endpoint, incumbentCOOP's report only value, "reporting", response's URL, browsingContext's active
+ document's URL, and initialNavigationURL.
Let browsingContextGroupSwitchNeeded be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOP's value, and incumbentCOOP's + value.
If browsingContextGroupSwitchNeeded is false, return + browsingContext.
If navigationCOOP's reporting
+ endpoint is not null, and browsingContext's
+ browsing context group's browsing context set's size is strictly greater than 1, queue a violation report for browsing context group switch
+ when navigating to a COOP page with navigationCOOP's reporting endpoint, navigationCOOP's value, "enforce", response's
+ URL, browsingContext's active
+ document's URL, and request's referrer.
If incumbentCOOP's reporting
+ endpoint is not null, and browsingContext's
+ browsing context group's browsing context set's
+ size is strictly greater than 1,
+ then:
Let initialNavigationURL be a new empty URL.
If source and browsingContext are the same, set + initialNavigationURL to request's URL.
Queue a violation report for browsing context
+ group switch when navigating away from a COOP page with incumbentCOOP's reporting endpoint, incumbentCOOP's
+ value, "enforce",
+ response's URL,
+ browsingContext's active document's URL, and
+ initialNavigationURL.
Let newBrowsingContextGroup be the result of creating a new + browsing context group.
If navigationCOOP's value is "same-origin-plus-COEP", then set newBrowsingContextGroup cross-origin isolated to true.
Let newBrowsingContext be the result of creating a new browsingContext in newBrowsingContextGroup.
If sandboxFlags is not empty, then:
+Assert navigationCOOP's value is
+ "unsafe-none".
Set newBrowsingContext's sandboxing flag set to + sandboxFlags.
Discard + currentBrowsingContext.
+ +This does not close currentBrowsingContext's browsing context + group except if it was the sole top-level browsing context in which case it could be + collected
+Return newBrowsingContext.
The impact of swapping browsing context groups following a navigation is not + defined. It is currently under discussion in issue 5350.
+ +To queue a violation report for browsing context group + switch when navigating to a COOP page given a string endpoint, a cross-origin opener policy value + COOPValue, a string disposition, a URL + navigationURL, a URL currentDocumentURL, and a + referrer referrer:
+ +
Let previousDocumentURL be referrer.
If currentDocumentURL and navigationURL are + same origin, set previousDocumentURL to + currentDocumentURL.
Set previousDocumentURL's username
+ to the empty string, and its password to null.
Let serializedPreviousDocumentURL be the result of executing the URL serializer on previousDocumentURL with the + exclude fragment flag set.
Let body be a new object containing the following properties with keys:
+ +key: "disposition", value: disposition.
key: "effective-policy", value: COOPValue.
key: "navigation-uri", value:
+ serializedPreviousDocumentURL.
key: "violation-type", value: "navigate-to-document".
Queue body as "coop" on endpoint
+ with navigationURL.
To queue a violation report for browsing context group + switch when navigating away from a COOP page given a string endpoint, a + cross-origin opener policy value COOPValue, a string + disposition, a URL navigationURL, a URL + currentDocumentURL, and a URL initialNavigationURL:
+ +
Let nextDocumentURL be initialNavigationURL.
If currentDocumentURL and navigationURL are + same origin, set nextDocumentURL to + navigationURL.
Set nextDocumentURL's username to
+ the empty string, and its password to null.
Let serializedNextDocumentURL be the result of executing the URL serializer on nextDocumentURL with the + exclude fragment flag set.
Let body be a new object containing the following properties with keys:
+ +key: "disposition", value: disposition.
key: "effective-policy", value: COOPValue.
key: "navigation-uri", value:
+ serializedNextDocumentURL.
key: "violation-type", value: "navigate-from-document".
Queue body as "coop" on endpoint
+ with currentDocumentURL.
text/vtt"multipart/x-mixed-replace"If browsingContext is a top-level browsing context, then:
+ +Set navigationCOOP to the result of obtaining a + cross-origin opener policy given response and + reservedEnvironment.
If sandboxFlags is not empty and navigationCOOP is not "unsafe-none", then display the inline
+ content with an appropriate error shown to the user, with the newly created
+ Document object's origin set to a new opaque origin, run the environment discarding steps for reservedEnvironment, and
+ return.
This results in a network error as one cannot simultaneously provide a clean + slate to a response using cross-origin opener policy and sandbox the result of navigating to + that response.
+Let newBrowsingContext be the value of obtaining a browsing context for the navigation + response given request, response, source, + browsingContext, sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, and navigationCOOP.
Let browsingContextSwitch be false.
If newBrowsingContext is not equal to browsingContext, then set + browsingContextSwitch to true.
Set browsingContext to the value of newBrowsingContext.
If browsingContext's only entry in its session history is the
initial about:blank Document that was added when
browsingContext was created, and
@@ -82129,8 +82780,9 @@ interface Location { // but see also type is type, content type is contentType,
origin is origin, feature
- policy is featurePolicy, and active sandboxing flag set is
- finalSandboxFlags.
If request is non-null, then set document's URL to request's @@ -82334,8 +82986,8 @@ new PaymentRequest(…); // Allowed to use
When an HTML document is to be loaded in a browsing - context, provided browsingContext, request, response, - sandboxFlags, incumbentNavigationOrigin, and + context, provided source, browsingContext, request, + response, sandboxFlags, incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user agent must queue a task on the networking task source to:
@@ -82343,8 +82995,9 @@ new PaymentRequest(…); // Allowed to useLet document be the result of creating and initializing a Document
object providing "html", "text/html",
- request, response, browsingContext, sandboxFlags,
- incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Create an HTML parser and associate it with the document. Each @@ -82377,16 +83030,17 @@ new PaymentRequest(…); // Allowed to use
When faced with displaying an XML file inline, provided browsingContext, - request, response, sandboxFlags, +
When faced with displaying an XML file inline, provided source,
+ browsingContext, request, response, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin, user agents
must follow the requirements defined in XML and Namespaces in XML,
XML Media Types, DOM, and other relevant specifications to create and initialize a Document object
providing "xml", type, request, response,
- browsingContext, sandboxFlags, incumbentNavigationOrigin, and
- activeDocumentNavigationOrigin. It must also create and a corresponding XML
- parser.
At the time of writing, the XML specification community had not actually yet specified how XML and the DOM interact.
@@ -82431,15 +83085,16 @@ new PaymentRequest(…); // Allowed to useWhen a plain text document is to be loaded in a browsing context, provided - browsingContext, request, response, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user - agent must queue a task on the networking task source to: + source, browsingContext, request, response, + sandboxFlags, incumbentNavigationOrigin, and + activeDocumentNavigationOrigin, the user agent must queue a task on the + networking task source to:
Let document be the result of creating and initialize a Document object
providing "html", type, request,
- response, browsingContext, sandboxFlags,
+ response, source, browsingContext, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Create an HTML parser and associate it with the document. Act as @@ -82508,7 +83163,7 @@ new PaymentRequest(…); // Allowed to use
When an image, video, or audio resource is to be loaded in a browsing context, - provided browsingContext, request, response, + provided source, browsingContext, request, response, sandboxFlags, incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user agent should: @@ -82516,7 +83171,7 @@ new PaymentRequest(…); // Allowed to use
Let document be the result of creating and initialize a Document object
providing "html", type, request,
- response, browsingContext, sandboxFlags,
+ response, source, browsingContext, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Append an html element to document.
When a resource that requires an external resource to be rendered is to be loaded in a - browsing context, provided browsingContext, request, - response, sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin, the user agent should: + browsing context, provided source, browsingContext, + request, response, sandboxFlags, + incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user + agent should:
Let document be the result of creating and initialize a Document object
providing "html", type, request,
- response, browsingContext, sandboxFlags,
+ response, source, browsingContext, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Mark document as being a plugin document
When the user agent is to display a user agent page inline in a browsing context,
the user agent should create and initialize a
Document object providing "html", "text/html", null, null, browsingContext, an empty set, null, and null,
- and then either associate that Document with a custom rendering that is not rendered
- using the normal Document rendering rules, or mutate that Document until
- it represents the content the user agent wants to render.
Document with a custom rendering that is not
+ rendered using the normal Document rendering rules, or mutate that
+ Document until it represents the content the user agent wants to render.
@@ -115741,6 +116397,86 @@ interface External {
+ Cross-Origin-Opener-Policy`This section describes a header for registration in the Permanent Message Header Field + Registry.
+ +The Cross-Origin-Opener-Policy HTTP
+ response header field allows a server to declare an opener policy for a given document. It is a
+ Structured Header whose value MUST be a token. Its ABNF is:
Cross-Origin-Opener-Policy = sh-item
Valid Cross-Origin-Opener-Policy values include "unsafe-none", "same-origin-allow-popups" and "same-origin". These values may have a parameter specifying a string which
+ represents the endpoint for violation reporting.
In order to support forward-compatibility with as-yet-unknown request types, user agents MUST
+ ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if
+ the value cannot be parsed as a sh-token.
Cross-Origin-Opener-Policy-Report-Only`This section describes a header for registration in the Permanent Message Header Field + Registry.
+ +The Cross-Origin-Opener-Policy-Report-Only
+ HTTP response header field allows a server to declare an opener policy for a given document. It is
+ a Structured Header whose value MUST be a token. Its ABNF is:
Cross-Origin-Opener-Policy-Report-Only = sh-item
Valid Cross-Origin-Opener-Policy-Report-Only values include "unsafe-none", "same-origin-allow-popups" and "same-origin". These values may have a parameter specifying a string which
+ represents the endpoint for violation reporting.
In order to support forward-compatibility with as-yet-unknown request types, user agents MUST
+ ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if
+ the value cannot be parsed as a sh-token.