Add the Origin-Isolation header
domenic committed Aug 19, 2020
1 parent bd32618 commit 1741355
Showing 1 changed file with 173 additions and 12 deletions.
185 changes: 173 additions & 12 deletions source
Expand Up @@ -2464,6 +2464,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute

<ul class="brief">
<li><dfn data-x="http-structured-header" data-x-href="https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html">structured header</dfn></li>
<li><dfn data-x="http-structured-header-boolean" data-x-href="https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html#boolean">boolean</dfn></li>
<li><dfn data-x="http-structured-header-token" data-x-href="https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html#token">token</dfn></li>
<li><dfn data-x="http-structured-header-parameters" data-x-href="https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html#param">parameters</dfn></li>
</ul>
Expand Down Expand Up @@ -2871,6 +2872,18 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
</dd>


<dt>WebAssembly</dt>

<dd>
<p>The following term is defined in <cite>WebAssembly JavaScript Interface</cite>: <ref
spec=WASMJS></p>

<ul class="brief">
<li><dfn data-x-href="https://webassembly.github.io/spec/js-api/#module"><code>WebAssembly.Module</code></dfn></li>
</ul>
</dd>


<dt>DOM</dt>

<dd>
Expand Down Expand Up @@ -76882,7 +76895,7 @@ popup4.close();</code></pre></div>

<li><p>Let <var>agent</var> be the result of <span
data-x="obtain-similar-origin-window-agent">obtaining a similar-origin window agent</span> given
<var>origin</var> and <var>group</var>.</p></li>
<var>origin</var>, <var>group</var>, and false.</p></li>

<li>
<p>Let <var>realm execution context</var> be the result of <span>creating a new JavaScript
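
Review bot: The literal false passed as the third argument to "obtaining a similar-origin window agent" is unexplained at this call site. A short note would help: this path never requests origin isolation itself, yet the resulting agent cluster can still be origin-isolated when the group's historical agent cluster key map already holds an entry for origin, or when the group is cross-origin isolated.
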
Expand Down Expand Up @@ -77478,6 +77491,15 @@ console.assert(iframeWindow.frameElement === null);
<p>A <span>browsing context group</span> has a <dfn data-x="bcg cross-origin
isolated">cross-origin isolated</dfn> boolean. It is initially false.</p>

<p>A <span>browsing context group</span> has an associated <dfn>historical agent cluster key
map</dfn>, which is a <span data-x="ordered map">map</span> of <span
data-x="origin">origins</span> to <span data-x="agent cluster key">agent cluster keys</span>. This
map is used to ensure the consistency of the <a href="#origin-isolation">origin isolation</a>
feature by recording what agent cluster keys were previously used for a given origin.</p>

<p class="note">The <span>historical agent cluster key map</span> only ever gains entries over the
lifetime of the browsing context group.</p>

<p>To <dfn data-x="creating a new browsing context group">create a new browsing context
group</dfn>, run these steps:</p>

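Review bot: The note "only ever gains entries over the lifetime of the browsing context group" states the invariant but not what follows from it: the first agent cluster key recorded for an origin fixes the key for every later same-origin document in the group. Suggest saying that here, or pointing to the Origin isolation section where the effect on originIsolated is described.
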
Expand Down Expand Up @@ -78172,6 +78194,7 @@ interface <dfn data-export="" data-dfn-type="interface">Window</dfn> : <span>Eve
// the user agent
readonly attribute <span>Navigator</span> <span data-x="dom-navigator">navigator</span>; <!-- IE also has window.clientInformation === window.navigator -->
[SecureContext] readonly attribute <span>ApplicationCache</span> <span data-x="dom-applicationCache">applicationCache</span>;
readonly attribute boolean <span data-x="dom-originIsolated">originIsolated</span>;

// user prompts
undefined <span data-x="dom-alert">alert</span>();
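
Review bot: originIsolated is added without [SecureContext], while the applicationCache line directly above it carries [SecureContext] and the header is only honoured for documents delivered over a secure context. If exposing the getter in non-secure contexts is deliberate, a comment in the IDL or a sentence in the domintro would make that clear.
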
Expand Down Expand Up @@ -79817,8 +79840,8 @@ interface <dfn>BarProp</dfn> {
data-x="concept-document-bc">browsing context</span>, and when the "<code
data-x="document-domain-feature">document-domain</code>" feature is disabled, the setter will
throw a <span>"<code>SecurityError</code>"</span> exception. In cases where <code
data-x="dom-crossOriginIsolated">crossOriginIsolated</code> returns true, the setter will do
nothing.</p>
data-x="dom-crossOriginIsolated">crossOriginIsolated</code> or <code
data-x="dom-originIsolated">originIsolated</code> return true, the setter will do nothing.</p>
</dd>
</dl>

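Review bot: In the reworded sentence, "crossOriginIsolated or originIsolated return true" should read "returns true" (or "either ... returns true") for subject-verb agreement.
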
Expand Down Expand Up @@ -79879,6 +79902,9 @@ interface <dfn>BarProp</dfn> {
<li><p>If the <span>surrounding agent</span>'s <span>agent cluster</span>'s <span>cross-origin
isolated</span> is true, then return.</p></li>

<li><p>If the <span>surrounding agent</span>'s <span>agent cluster</span>'s
<span>origin-isolated</span> is true, then return.</p></li>

<li><p>Set <var>this</var>'s <span>origin</span>'s <span
data-x="concept-origin-domain">domain</span> to the result of <span data-x="host
parser">parsing</span> the given value.</p></li>
Expand Down Expand Up @@ -79927,6 +79953,66 @@ interface <dfn>BarProp</dfn> {



<h4>Origin isolation</h4>

<dl class="domintro">
<dt>window . <code subdfn data-x="dom-originIsolated">originIsolated</code></dt>

<dd>
<p>Returns true if this <code>Window</code> is origin-isolated in the manner described in this
section.</p>
</dd>
</dl>

<p>A <code>Document</code> delivered over a <span>secure context</span> can opt in to origin
isolation, by using the `<code data-x="http-origin-isolation">Origin-Isolation</code>` HTTP
response header. This header is a <span data-x="http-structured-header">structured header</span>
whose value must be a <span data-x="http-structured-header-boolean">boolean</span>. <ref
spec=STRUCTURED-HEADERS></p>

<p><span w-nodev>Per the processing model in the <span data-x="create-the-document-object">create
and initialize a new <code>Document</code> object</span>, values</span><span
w-nohtml>Values</span> that are not the <span data-x="http-structured-header-boolean">structured
header boolean</span> true value (i.e., `<code data-x="">?1</code>`) will be ignored.</p>

<p>The consequences of using this header are that <span w-nodev>the resulting
<code>Document</code>'s <span>agent cluster key</span> is its <span>origin</span>, instead of the
<span data-x="obtain a site">corresponding site</span>. In terms of observable effects, this means
that </span>attempting to <a href="#relaxing-the-same-origin-restriction">relax the same-origin
restriction</a> using <code data-x="dom-document-domain">document.domain</code> will instead do
nothing, and it will not be possible to send <code>WebAssembly.Module</code> objects to
cross-origin <code>Document</code>s (even if they are <span>same site</span>). Behind the scenes,
this isolation can allow user agents to allocate implementation-specific resources corresponding
to <span data-x="agent cluster">agent clusters</span>, such as processes or threads, more
efficiently.</p>

<p>Note that within a <span>browsing context group</span>, the `<code
data-x="http-origin-isolation">Origin-Isolation</code>` header can never cause same-origin
<code>Document</code> objects to end up in different <span data-x="agent cluster">agent
clusters</span>, even if one sends the header and the other doesn't.<span w-nodev> This is
prevented by means of the <span>historical agent cluster key map</span>.</span></p>

<p class="note">This means that the <code data-x="dom-originIsolated">originIsolated</code> getter
can return false, even if the header is set, if the header was omitted on a previously-loaded
same-origin page in the same <span>browsing context group</span>. Similarly, it can return true
even when the header is not set.</p>

<p w-nodev>The <dfn><code data-x="dom-originIsolated">originIsolated</code></dfn> getter steps are
to return the <span>surrounding agent</span>'s <span>agent cluster</span>'s
<span>origin-isolated</span>.</p>

<p class="note"><code>Document</code>s for which <span>obtain a site</span> returns an
<span>origin</span> can be considered unconditionally origin-isolated; for them the header has no
effect.</p>

<p class="note">Similarly, <code>Document</code>s in a <span>cross-origin isolated</span>
<span>agent cluster</span> are automatically origin-isolated, with no need for the additional
`<code data-x="http-origin-isolation">Origin-Isolation</code>` header on top of the `<code
data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</code>` and
`<code>Cross-Origin-Embedder-Policy</code>` headers used to achieve cross-origin isolation.</p>



<h3>Sandboxing</h3>

<p>A <dfn data-export="">sandboxing flag set</dfn> is a set of zero or more of the following
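
Review bot: The paragraph saying that values other than ?1 "will be ignored" leaves it implicit that Origin-Isolation: ?0 is not an opt-out. Next to the note that originIsolated "can return true even when the header is not set", authors may expect ?0 to force site-keyed behaviour. Suggest stating explicitly that ?0 is treated the same as omitting the header.
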
Expand Down Expand Up @@ -83367,10 +83453,25 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
<p>Otherwise:</p>

<ol>
<li><p>Let <var>oiHeader</var> be the result of <span
data-x="concept-response-header-list-get-structured-header">getting a structured header</span>
given `<code data-x="http-origin-isolation">Origin-Isolation</code>` and "<code
data-x="">item</code>" from <var>response</var>'s <span
data-x="concept-response-header-list">header list</span>.</p></li>

<li><p>Let <var>requestsOI</var> be true if <var>oiHeader</var> is not failure,
<var>oiHeader</var> is not null, and <var>oiHeader</var>[0] is the <span
data-x="http-structured-header-boolean">boolean</span> true.</p></li>

<li><p>If <var>reservedEnvironment</var> is a <span>non-secure context</span>, or
<var>response</var>'s <span>HTTPS state</span> is "<code data-x="">deprecated</code>", then
set <var>requestsOI</var> to false.</p></li>

<li><p>Let <var>agent</var> be the result of <span
data-x="obtain-similar-origin-window-agent">obtaining a similar-origin window agent</span>
given <var>navigationParams</var>'s <span data-x="navigation-params-origin">origin</span> and
<var>browsingContext</var>'s <span data-x="tlbc group">group</span>.</p></li>
given <var>navigationParams</var>'s <span data-x="navigation-params-origin">origin</span>,
<var>browsingContext</var>'s <span data-x="tlbc group">group</span>, and
<var>requestsOI</var>.</p></li>

<li>
<p>Let <var>realm execution context</var> be the result of <span>creating a new JavaScript
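
Review bot: The requestsOI step inspects only oiHeader[0], so any parameters attached to the item are accepted and discarded. If that is deliberate for forward compatibility, say so in a note next to this step, since the author-facing text only says that values other than the boolean true are ignored and does not mention parameters.
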
Expand Down Expand Up @@ -87508,10 +87609,13 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
ensure that web developers see interoperable behavior with regard to shared memory, even in the
face of varying and changing user agent process models.</p>

<div w-nodev>

<p>An <span>agent cluster</span> has an associated <dfn>cross-origin isolated</dfn> (a boolean),
which is initially false.</p>

<div w-nodev>
<p>An <span>agent cluster</span> has an associated <dfn>origin-isolated</dfn> (a boolean), which
is initially false.</p>

<hr>

Expand All @@ -87525,16 +87629,33 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
<span>origin</span>.</p>

<p>To <dfn data-x="obtain-similar-origin-window-agent">obtain a similar-origin window agent</dfn>,
given an <span>origin</span> <var>origin</var> and <span>browsing context group</span>
<var>group</var>, run these steps:</p>
given an <span>origin</span> <var>origin</var>, a <span>browsing context group</span>
<var>group</var>, and a boolean <var>requestsOI</var>, run these steps:</p>

<ol>
<li><p>Let <var>key</var> be the result of <span data-x="obtain a site">obtaining a
site</span> with <var>origin</var>.</p></li>
<li><p>Let <var>site</var> be the result of <span data-x="obtain a site">obtaining a site</span>
with <var>origin</var>.</p></li>

<li><p>Let <var>key</var> be <var>site</var>.</p></li>

<li><p>If <var>group</var>'s <span data-x="bcg cross-origin isolated">cross-origin
isolated</span> is true, then set <var>key</var> to <var>origin</var>.</p></li>

<li><p>Otherwise, if <var>group</var>'s <span>historical agent cluster key
map</span>[<var>origin</var>] <span data-x="map exists">exists</span>, then set <var>key</var> to
<var>group</var>'s <span>historical agent cluster key map</span>[<var>origin</var>].</p></li>

<li>
<p>Otherwise:</p>

<ol>
<li><p>If <var>requestsOI</var> is true, then set <var>key</var> to <var>origin</var>.</p></li>

<li><p>Set <var>group</var>'s <span>historical agent cluster key map</span>[<var>origin</var>]
to <var>key</var>.</p></li>
</ol>
</li>

<li>
<p>If <var>group</var>'s <span>agent cluster map</span>[<var>key</var>] <span data-x="map
exists">does not exist</span>, then:</p>
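
Review bot: The branch for a cross-origin isolated group sets key to origin but, unlike the final "Otherwise" branch, records nothing in the historical agent cluster key map. That is only safe if a group's cross-origin isolated value cannot change once documents have loaded. Suggest a note stating that assumption, or recording the key in that branch as well, so the consistency guarantee can be checked from this algorithm alone.
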
Expand All @@ -87545,6 +87666,9 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
<li><p>Set <var>agentCluster</var>'s <span>cross-origin isolated</span> to <var>group</var>'s
<span data-x="bcg cross-origin isolated">cross-origin isolated</span>.</p></li>

<li><p>Set <var>agentCluster</var>'s <span>origin-isolated</span> to true if <var>key</var>
equals <var>origin</var>; otherwise false.</p></li>

<li><p>Add the result of <span data-x="create an agent">creating an agent</span>, given false,
to <var>agentCluster</var>.</p></li>

Expand Down Expand Up @@ -87574,8 +87698,22 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
<ol>
<li><p>Let <var>agentCluster</var> be null.

<li><p>If <var>isTopLevel</var> is true, then set <var>agentCluster</var> to a new <span>agent
cluster</span>.</p></li>
<li>
<p>If <var>isTopLevel</var> is true, then:</p>

<ol>
<li><p>Set <var>agentCluster</var> to a new <span>agent cluster</span>.</p></li>

<li>
<p>Set <var>agentCluster</var>'s <span>origin-isolated</span> to true.</p>

<p class="note">These workers can be considered to be origin-isolated. However, this is not
exposed through any APIs (in the way that <code
data-x="dom-originIsolated">originIsolated</code> exposes the origin-isolation state for
windows).</p>
</li>
</ol>
</li>

<li>
<p>Otherwise:</p>
Expand Down Expand Up @@ -117413,6 +117551,29 @@ interface <dfn>External</dfn> {
</dl>


<h3>`<dfn><code data-x="http-origin-isolation">Origin-Isolation</code></dfn>`</h3>

<p>This section describes a header for registration in the Permanent Message Header Field
Registry. <ref spec=RFC3864></p>

<dl>
<dt>Header field name:</dt>
<dd>Origin-Isolation</dd>
<dt>Applicable protocol:</dt>
<dd>http</dd>
<dt>Status:</dt>
<dd>standard</dd>
<dt>Author/Change controller:</dt>
<dd>WHATWG</dd>
<dt>Specification document(s):</dt>
<dd>
This document is the relevant specification.
</dd>
<dt>Related information:</dt>
<dd>None.</dd>
</dl>


<h3 id="ping-from">`<dfn><code data-x="http-ping-from">Ping-From</code></dfn>`</h3>

<p>This section describes a header for registration in the Permanent Message Header Field
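
Review bot: The new h3 for Origin-Isolation has no explicit id, whereas the following heading uses id="ping-from". An earlier hunk links to href="#origin-isolation" and the "Origin isolation" h4 it appears to target also lacks an explicit id, so please confirm which heading receives that fragment and give both headings distinct explicit ids.
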