Feature policy should track opaque origins across renderers and the browser data structures |
|
Issue descriptionFeature policies can be applied to frames whose documents have opaque origins, but the origins themselves cannot be referred to consistently in different renderer processes, or between renderers and the browser. As a result, it is not possible to craft a feature policy that targets a specific opaque origin. We should change this, once we have the ability to identify specific opaque origin objects.
,
Jan 18
(4 days ago)
Ian, is still to be addressed?
,
Yesterday
(44 hours ago)
Yes, I think there is still one more piece -- sandboxed frames with an allowlist referencing 'src' currently match *any* origin loaded in the frame, since we're only tracking a single boolean in that case. We should store the actual initial opauqe origin, but it will also involve either knowing that origin in advance of document loading, or else updating the container policy on first document load.
,
Today
(17 hours ago)
I've recently added tracking of precursor origin for opaque origins in issue 882053 , which can potentially be helpful here. Feel free to reach out if you have any questions. |
|
►
Sign in to add a comment |
|
Comment 1 by creis@chromium.org
, Apr 18 2018