Enable Feature Policy control over setting `document.domain`. |

Issue description, by mkwst@chromium.org, Nov 12

`document.domain` is an unfortunate API with security implications (among others, it makes true origin isolation difficult to deploy (hence "Site Isolation")). We should give developers the ability to opt-out of it, with the goal of deprecating the feature over time, similar conceptually to sync XHR.
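To make the opt-out concrete, here is an added example (my own code, not from this bug or the Chromium commit it references) that models the `document.domain` setter as specified after the linked spec PR: the `document-domain` Feature Policy check runs first, then the usual effective-domain and registrable-domain-suffix checks. The policy name `document-domain` and the `SecurityError` outcome come from the spec; every function name, the `doc` record shape, and the simplified suffix test (label-wise matching, no Public Suffix List) are assumptions made for this illustration. The last function also shows the per-document scope raised later in the thread: a sibling document of the same origin that was served without the header can still relax its domain.

```javascript
// Added example: a model of the HTML spec's document.domain setter with the
// "document-domain" Feature Policy check. Names and data shapes are mine.

class SecurityError extends Error {
  constructor(message) { super(message); this.name = 'SecurityError'; }
}

// Parse a Feature-Policy response header such as
//   "document-domain 'none'; sync-xhr 'none'"
// into a Map of feature name -> allowlist tokens. Simplified parser: no
// handling of malformed or quoted edge cases beyond the usual tokens.
function parseFeaturePolicy(header) {
  const policy = new Map();
  for (const directive of (header || '').split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    policy.set(tokens[0], tokens.slice(1));
  }
  return policy;
}

// Is a document served with this header allowed to use "document-domain"?
// When the header says nothing about the feature the default allowlist is
// "*", i.e. the legacy behaviour stays enabled.
function isAllowedToUseDocumentDomain(header, documentOrigin) {
  const allowlist = parseFeaturePolicy(header).get('document-domain');
  if (allowlist === undefined) return true;       // default allowlist '*'
  if (allowlist.includes("'none'")) return false; // explicit opt-out
  if (allowlist.includes('*')) return true;
  if (allowlist.includes("'self'")) return true;  // the document's own origin
  return allowlist.includes(documentOrigin);
}

// "candidate is a registrable domain suffix of or is equal to host".
// Simplified to label-wise suffix matching with at least two labels; a real
// implementation consults the Public Suffix List so "co.uk" is rejected too.
function isRegistrableDomainSuffixOrEqual(candidate, host) {
  if (candidate === host) return true;
  if (!host.endsWith('.' + candidate)) return false;
  return candidate.split('.').length >= 2;
}

// The setter, following the spec's order of checks. `doc` is a constructed
// record: { host, origin, featurePolicyHeader, domain }.
function setDocumentDomain(doc, value) {
  if (!isAllowedToUseDocumentDomain(doc.featurePolicyHeader, doc.origin)) {
    throw new SecurityError('document-domain is disabled by Feature Policy');
  }
  const effectiveDomain = doc.domain || doc.host;  // origin's effective domain
  if (!effectiveDomain) {
    throw new SecurityError('opaque origin has no effective domain');
  }
  if (!isRegistrableDomainSuffixOrEqual(value, effectiveDomain)) {
    throw new SecurityError(`${value} is not a registrable domain suffix of ${effectiveDomain}`);
  }
  doc.domain = value;   // origin relaxed: same-origin checks now compare domains
  return doc.domain;
}

// Convenience wrapper so callers (and tests) get a result instead of a throw.
function tryRelaxDomain(doc, value) {
  try {
    return { ok: true, domain: setDocumentDomain(doc, value) };
  } catch (e) {
    return { ok: false, error: e.name, message: e.message };
  }
}

// Two documents of the same origin (constructed input): one opted out via the
// header, one served without it. Only the policy-bearing document is blocked,
// which is why the header alone cannot guarantee an origin-wide invariant.
function sameOriginSiblingsScenario() {
  const optedOut = { host: 'app.example.com', origin: 'https://app.example.com',
                     featurePolicyHeader: "document-domain 'none'" };
  const legacy   = { host: 'app.example.com', origin: 'https://app.example.com',
                     featurePolicyHeader: '' };
  return {
    optedOut: tryRelaxDomain(optedOut, 'example.com'),
    legacy:   tryRelaxDomain(legacy, 'example.com'),
  };
}

console.log(JSON.stringify(sameOriginSiblingsScenario(), null, 2));
```

In a real page the check surfaces as a thrown `SecurityError` DOMException on `document.domain = ...`, so a deployment test is simply to serve the header and confirm the assignment throws; the wrapper above returns the same information as a value so it can be asserted on.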
Comment (Nov 13)

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/59b93fee3639bf638833521032d30823f5240c01

commit 59b93fee3639bf638833521032d30823f5240c01
Author: Mike West <mkwst@chromium.org>
Date: Tue Nov 13 09:17:03 2018

Enable Feature Policy control over setting `document.domain`.

Intent: https://groups.google.com/a/chromium.org/d/msg/blink-dev/Ff6Ywg5vnh4/VbDH4X6wBQAJ
Explainer: https://github.com/WICG/feature-policy/issues/241
Spec PR: https://github.com/whatwg/html/pull/4170

Bug: 904351
Change-Id: I14c0c3c871a01017f9c2bcbe8ed41c7b26782e71
Reviewed-on: https://chromium-review.googlesource.com/c/1329791
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607530}

[add] https://crrev.com/59b93fee3639bf638833521032d30823f5240c01/third_party/WebKit/LayoutTests/external/wpt/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_feature_policy.tentative.sub.html
[modify] https://crrev.com/59b93fee3639bf638833521032d30823f5240c01/third_party/blink/common/feature_policy/feature_policy.cc
[modify] https://crrev.com/59b93fee3639bf638833521032d30823f5240c01/third_party/blink/renderer/core/dom/document.cc
[modify] https://crrev.com/59b93fee3639bf638833521032d30823f5240c01/third_party/blink/renderer/core/feature_policy/feature_policy.cc
Comment (Nov 16)

Nice! Thanks for pushing forward with this! I was under the impression that Feature Policy is document-wide rather than origin-wide, though. Is that the case here? If it's not origin-wide, then it's possible for another document in the same origin to still modify document.domain, and thus we wouldn't be able to safely use origin-level process isolation (as opposed to Site Isolation). Would be great if I'm mistaken, though. :)
Comment (Nov 19)

creis@: This feature policy toggle is, indeed, document-centric. I don't think you'll be able to use it for origin-level process isolation until we're also shipping origin policy's feature-policy integration. vogelheim@ has a behind-a-flag implementation of that up at https://chromium-review.googlesource.com/c/chromium/src/+/1202202. It would be great if y'all could collaborate with him to make sure the data can be exposed at whatever point during navigation you'll need it in order to make decisions about where to commit things.
Comment (Dec 7)