Add cross-origin opener policy

Tests: https://github.com/web-platform-tests/wpt/tree/master/html/cross-origin-opener-policy Closes: whatwg#4580
camillelamy · Mar 12, 2020 · da1bbb8 · da1bbb8
1 parent 916a923
commit da1bbb8
Showing 1 changed file with 200 additions and 4 deletions.
diff --git a/source b/source
@@ -9356,6 +9356,10 @@ partial interface <dfn id="document" data-lt="">Document</dfn> {
   data-x="concept-document-module-map">module map</dfn>, which is a <span>module map</span>,
   initially empty.</p>
 
+  <p>The <code>Document</code> has a <dfn data-dfn-for="Document"
+  data-x="concept-document-coop">cross-origin opener policy</dfn>, which is a <span data-x="cross-origin-opener-policy">cross-origin
+  opener policy</span>, initially empty.</p>
+
   <h4>The <code>DocumentOrShadowRoot</code> interface</h4>
 
   <p><cite>DOM</cite> defines the <code data-x="DOM
@@ -79322,13 +79326,28 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
    settings object">setting up a window environment settings object</span> given <var>realm
    execution context</var> and <var>topLevelOrigin</var>.</p></li>
 
+   <li>
+    <p>Let <var>COOP</var> be a <span
+    data-x="cross-origin-opener-policy">cross-origin-opener-policy</span> with value "<code
+    data-x="">unsafe-none</code>". Then:</p>
+
+    <ul>
+     <li><p>If <var>creator</var> is non-null and <var>creator</var> is <span>same origin</span>
+     with its <span>top-level browsing context</span>'s <code>Document</code>, then set
+     <var>COOP</var> to <var>creator</var>'s <span>top-level browsing context</span>'s
+     <code>Document</code>'s <span data-x="concept-document-coop">cross-origin opener
+     policy</span>.</p></li>
+    </ul>
+   </li>
+
    <li><p>Let <var>document</var> be a new <code>Document</code>, marked as an <span data-x="HTML
    documents">HTML document</span> in <span>quirks mode</span>, whose <span
    data-x="concept-document-content-type">content type</span> is "<code data-x="">text/html</code>",
    <span>origin</span> is <var>origin</var>, <span>active sandboxing flag set</span> is
    <var>sandboxFlags</var>, <span data-x="concept-document-feature-policy">feature policy</span> is
-   <var>feature policy</var>, and which is both <span>ready for post-load tasks</span> and
-   <span>completely loaded</span> immediately.</p></li>
+   <var>feature policy</var>, <span data-x="concept-document-coop">cross-origin opener policy</span>
+   is <var>COOP</var>, and which is both <span>ready for post-load tasks</span> and <span>completely
+   loaded</span> immediately.</p></li>
 
    <li><p>Ensure that <var>document</var> has a single child <code>html</code> node, which itself
    has two empty child nodes: a <code>head</code> element, and a <code>body</code> element.</p></li>
@@ -80177,6 +80196,22 @@ console.assert(iframeWindow.frameElement === null);
 
      <dd>
       <ol>
+       <li>
+	<p>If <var>current</var>'s <span>top-level browsing context</span>'s <span>active
+	document</span>'s <span data-x="cross-origin-opener-policy">cross-origin opener
+	policy</span> is "<code data-x="">same-origin</code>" or "<code data-x="">same-origin +
+	COEP</code>", then:</p>
+
+        <ol>
+	 <li><p>Let <var>currentDocument</var> be <var>current</var>'s <span>active
+	 document</span>.</p> </li>
+
+	 <li><p>If <var>currentDocument</var>'s <span>origin</span> is not <span>same origin</span>
+	 with <var>current</var>'s <span>top-level browsing context</span>'s <span>active
+	 document</span> 's <span>origin</span>, then set <var>noopener</var> to true.</p></li>
+        </ol>
+       </li>
+
        <li><p>Set <var>new</var> to true.</p></li>
 
        <li id="noopener"><p>If <var>noopener</var> is true, then set <var>chosen</var> to the result
@@ -82720,6 +82755,83 @@ interface <dfn>BarProp</dfn> {
 
 
 
+  <h3>Cross-origin opener policy</h3>
+
+  <p>Each <code>Document</code> have an associated <dfn
+  data-x="cross-origin-opener-policy">cross-origin opener policy</dfn>, which restricts which
+  <span>browsing context</span>s can share its <span>browsing context group</span>. The <span
+  data-x="cross-origin-opener-policy">cross-origin opener policy</span> has the following
+  values:</p>
+
+  <ul>
+   <li><p>"<code data-x="">same-origin + COEP</code>"</p></li>
+
+   <li><p>"<code data-x="">same-origin</code>"</p></li>
+
+   <li><p>"<code data-x="">same-origin-allow-popups</code>"</p></li>
+
+   <li><p>"<code data-x="">unsafe-none</code>"</p></li>
+
+   <p class="note">"<code data-x="">same-origin + COEP</code>" is a special value that cannot be
+   directly set but is the result of setting <span data-x="cross-origin-opener-policy">COOP</span>
+   and COEP for a <span>top-level browsing context</span>'s <code>Document</code> at the same time.
+   </p>
+  </ul>
+
+  <p>To <dfn data-x="obtain-coop">obtain a cross-origin opener policy</dfn> from a <span
+  data-x="concept-response">response</span> <var>response</var>:</p>
+
+  <ol>
+   <li><p>Let <var>HTTPSState</var> be the <span data-x="concept-response-https-state">HTTPS
+   state</span> of <var>response</var>.</p></li>
+
+   <li><p>If <var>HTTPSState</var> is "<code data-x="">none</code>", then return "<code
+   data-x="">unsafe-none</code>".</p> </li>
+
+   <li><p>Let <var>value</var> be the result of getting "<code
+   data-x="">Cross-Origin-Opener-Policy</code>" from <var>response</var>'s <span
+   data-x="concept-response-header-list">header list</span>.</p></li>
+
+   <li><p>If <var>value</var> is null, then return "<code data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>Let <var>decodedValue</var> be <var>value</var>, isomorphic decoded.</p></li>
+
+   <li><p>If <var>decodedValue</var> is not "<code data-x="">same-origin</code>" or "<code
+   data-x="">same-origin-allow-popups</code>", then return "<code
+   data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>If <var>decodedValue</var> is "<code data-x="">same-origin</code>", then:</p>
+
+   <ol>
+    <li><p>Let <var>coep</var> be the result of obtaining a cross-origin embedder policy from
+    <var>response</var>.</p></li>
+
+    <li><p>If <var>coep</var> is "<code data-x="">require-corp</code>", then return "<code
+    data-x="">same-origin + COEP</code>".</p></li>
+   </ol>
+   </li>
+
+   <li><p>Return <var>decodedValue</var></p></li>
+  </ol>
+
+  <p>To <dfn data-x="matching-coop">match cross-origin opener policies</dfn>, given a <span
+  data-x="cross-origin-opener-policy">COOP</span> <var>A</var>, an <span>origin</span>
+  <var>originA</var>, a <span data-x="cross-origin-opener-policy">COOP</span> <var>B</var> and an
+  <span>origin</span> <var>originB</var>:</p>
+
+  <ol>
+   <li><p>If <var>A</var> is "<code data-x="">unsafe-none</code>" and <var>B</var> is "<code
+   data-x="">unsafe-none</code>", then return true.</p></li>
+
+   <li><p>If <var>A</var> or <var>B</var> is "<code data-x="">unsafe-none</code>", then return
+   false.</p></li>
+
+   <li><p>If <var>A</var> is <var>B</var> and <var>originA</var> is <span>same origin</span> with
+   <var>originB</var>, then return true.</p></li>
+
+   <li><p>Return false.</p></li>
+  </ol>
+
   <h3 split-filename="history" id="history">Session history and navigation</h3>
 
   <h4>The session history of browsing contexts</h4>
@@ -85117,6 +85229,89 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
     </div>
    </li>
 
+   <li><p>Let <var>incumbentCOOP</var> be "<code data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>If <var>browsingContext</var> is a top-level <span data-x="browsing context">browsing
+   context</span>, then:</p>
+
+   <ol>
+     <li><p>Let <var>activeDocumentCOOP</var> be the <span data-x="concept-document-coop">
+     cross-origin opener policy</span> of <var>browsingContext</var>'s <span>active document</span>
+     .</p></li>
+
+     <li><p>Set <var>incumbentCOOP</var> be the <span
+     data-x="cross-origin-opener-policy">cross-origin opener policy</span> <span
+     data-x="obtain-coop">obtained</span> given <var>response</var>.</p></li>
+
+     <li>
+      <p>If <var>sandboxFlags</var> is not empty and <var>incumbentCOOP</var> is not "<code
+      data-x="">unsafe-none</code>", then  <span data-x="navigate-ua-inline">display the inline
+      content with an appropriate error shown to the user</span>, with the newly created
+      <code>Document</code> object's <span>origin</span> set to a new <span
+      data-x="concept-origin-opaque">opaque origin</span>, run the <span data-x="environment
+      discarding steps">environment discarding steps</span> for <var>reservedEnvironment</var>, and
+      return.</p>
+
+      <p class="note">This results in a network error as one cannot simultaneously provide a clean
+      slate to a response using cross-origin opener policy and sandbox the result of navigating to
+      that response.</p>
+     </li>
+
+     <li>
+      <p>If the result of <span data-x="matching-coop">matching</span>
+      <var>activeDocumentCOOP</var>, <var>activeDocumentNavigationOrigin</var>,
+      <var>incumbentCOOP</var> and <var>incumbentNavigationOrigin</var> is false and one of the
+      following is false:</p>
+
+      <ul>
+       <li><p><var>browsingContext</var>'s only entry in its <span>session history</span> is the
+       <code>about:blank</code> <code>Document</code> that was added when <var>browsingContext</var>
+       was <span data-x="creating a new browsing context">created</span>.</p></li>
+
+       <li><p><var>activeDocumentCOOP</var> is "<code
+       data-x="">same-origin-allow-popups</code>".</p></li>
+
+       <li><p><var>incumbentCOOP</var> is "<code data-x="">unsafe-none</code>".</p></li>
+      </ul>
+
+      <p>then:</p>
+
+      <ol>
+       <li><p>Let <var>incumbentBrowsingContextGroup</var> be the result of <span>creating a new
+       browsing context group</span>.</p></li>
+
+       <li><p>If <var>incumbentCOOP</var> is "<code data-x="">same-origin + COEP</code>", then set
+       <var>incumbentBrowsingContextGroup</var> cross-origin isolated to true.</p></li>
+
+       <li><p>Let <var>incumbentBrowsingContext</var> be a new top-level browsingContext in
+       <var>incumbentBrowsingContextGroup</var>.</p></li>
+
+       <li>
+        <p>If <var>sandboxFlags</var> is not empty, then:</p>
+        <ol>
+	 <li><p>Assert <var>incumbentCOOP</var> is "<code data-x="">unsafe-none</code>".</p></li>
+
+	 <li><p>Set <var>incumbentBrowsingContext</var>'s <span>sandboxing flag set</span> to
+	 <var>sandboxFlags</var>.</p></li>
+        </ol>
+       </li>
+
+       <li>
+	<p><span data-x="a browsing context is discarded">Discard</span>
+	<var>browsingContext</var>.</p>
+
+	<p class="note">This does not close <var>browsingContext</var>'s <span>browsing context
+	group</span> except if it was the sole top-level browsing context in which case it could be
+	collected</p>
+       </li>
+
+       <li><p>Set <var>browsingContext</var> to the value of
+       <var>incumbentBrowsingContext</var>.</p></li>
+      </ol>
+     </li>
+    </ol>
+   </li>
+
    <li><p>If <var>browsingContext</var>'s only entry in its <span>session history</span> is the
    <code>about:blank</code> <code>Document</code> that was added when <var>browsingContext</var> was
    <span data-x="creating a new browsing context">created</span>, and navigation is occurring with
@@ -85163,8 +85358,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    data-x="concept-document-type">type</span> is <var>type</var>, <span
    data-x="concept-document-content-type">content type</span> is <var>contentType</var>,
    <span>origin</span> is <var>origin</var>, <span data-x="concept-document-feature-policy">feature
-   policy</span> is <var>featurePolicy</var>, and <span>active sandboxing flag set</span> is
-   <var>finalSandboxFlags</var>.</p></li>
+   policy</span> is <var>featurePolicy</var>, <span>active sandboxing flag set</span> is
+   <var>finalSandboxFlags</var>, and <span data-x="concept-document-coop">cross-origin opener
+   policy</span> is <var>incumbentCOOP</var>.</p></li>
 
    <li id="set-the-document's-address"><p>If <var>request</var> is non-null, then set
    <var>document</var>'s <span data-x="concept-document-url">URL</span> to <var>request</var>'s