1. Use origin instead of site as agent cluster key for cross-origin isolated agent clusters. document.domain mutation is no-op for agents in cross-origin isolated agent clusters. 2. Introduce cross-origin isolated permission (https://w3c.github.io/webappsec-feature-policy/). 3. Introduce self.crossOriginIsolated returning whether the surrounding agent cluster is cross-origin isolated and the environment has the cross-origin isolated permission.

Motivation

Following Spectre/Meldown discovery, sensitive APIs such as SharedArrayBuffer were disabled on certain platforms with a lot of shared processes (e.g. Android). We want to give developers the opportunity to use these features, while maintaining a good security level. We believe COOP and COEP ensure sufficient security boundaries. When we have both COOP and COEP set we set crossOriginIsolated to true, which in the long run will allow the use of such powerful APIs.

Documentation

• https://docs.google.com/document/d/1QyAGuwxoX1MrrPqOpAr84zhX0_YB7kOD2w8azvq45ME/edit#
• https://docs.google.com/document/u/1/d/1OFaz1Txi4ynFLmRqNTLFF3qd6jm4kK4GkJdmgr5_aZA/edit?usp=sharing

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink>SecurityFeature

Implementation status: Enabled by default (tracking bug)

Consensus & Standardization

• Firefox: Shipped/Shipping
• Safari: No signal
• Web Developers: No signals

Owners

• ahemery@chromium.org
• yhirano@chromium.org
• vahl@chromium.org

Search tags

Last updated on 2021-05-19