Consider deprecating cross-origin workers |
|
Issue descriptionBasically, workers are assumed to be same-origin, but in some cases the origin of the parent Document and the origin of the worker script can be different, because the same-originness is implemented as SecurityOrigin::CanRequest(). This CL tracks possible efforts to deprecate such "cross-origin" workers, especially around extensions. Design doc: https://docs.google.com/document/d/1XXGIlHEegCYcab2Ue9ZdcvB2XwV3AJSGsK6_9IcLG4I/edit#
,
Dec 14
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4a696c0c1c9c067cf321b795a488b28a2aafe1b4 commit 4a696c0c1c9c067cf321b795a488b28a2aafe1b4 Author: Hiroshige Hayashizaki <hiroshige@chromium.org> Date: Fri Dec 14 02:50:31 2018 Add a UMA for same-originness of classic worker top-level scripts To investigate when/how often there are "cross-origin" workers, this CL adds a UMA to record same-originness of worker scripts and its cross-origin reasons of classic worker top-level scripts. Bug: 867302 Change-Id: I52c8caab6974d2db0b95e25115faba8045429902 Reviewed-on: https://chromium-review.googlesource.com/c/1149325 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Brian White <bcwhite@chromium.org> Reviewed-by: Matt Falkenhagen <falken@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/master@{#616566} [modify] https://crrev.com/4a696c0c1c9c067cf321b795a488b28a2aafe1b4/third_party/blink/renderer/core/workers/dedicated_worker.cc [modify] https://crrev.com/4a696c0c1c9c067cf321b795a488b28a2aafe1b4/tools/metrics/histograms/enums.xml [modify] https://crrev.com/4a696c0c1c9c067cf321b795a488b28a2aafe1b4/tools/metrics/histograms/histograms.xml |
|
►
Sign in to add a comment |
|
Comment 1 by hirosh...@chromium.org
, Jul 25