Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTML: ensure serializing SharedArrayBuffer throws without COOP+COEP #17802

Merged
merged 1 commit into from Aug 6, 2019
Merged

HTML: ensure serializing SharedArrayBuffer throws without COOP+COEP #17802

merged 1 commit into from Aug 6, 2019

Conversation

annevk
Copy link
Member

@annevk annevk commented Jul 12, 2019

@annevk annevk mentioned this pull request Jul 12, 2019
Closed
@annevk
Copy link
Member Author

annevk commented Jul 12, 2019

#17760 and #17761 should probably land first as otherwise we end up with contradictory state.

foolip
foolip reviewed Jul 15, 2019
View reviewed changes
Copy link
Member

@foolip foolip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add tests for when the "allow sidechannel attacks" flag is true?

Have you also searched for tests that already try to postMessage SABs? Those will need updating.

@annevk
Copy link
Member Author

annevk commented Jul 15, 2019

@foolip see the PRs I referenced and also #17690. This is part of a larger set of changes that addresses those concerns.

@foolip
Copy link
Member

foolip commented Jul 15, 2019

@annevk I see, that's being tracked then.

@annevk annevk mentioned this pull request Jul 19, 2019
Merged
3 tasks
@annevk annevk merged commit aecedb5 into master Aug 6, 2019
@annevk annevk deleted the annevk/sab-throws-without-coop-coep branch August 6, 2019 12:49
annevk added a commit to whatwg/html that referenced this pull request Jun 29, 2020
@annevk
Add the cross-origin isolated primitive
50ebcb4 
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side).

This change also:

* Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons.
* Gates SharedArrayBuffer sharing behind that primitive.
* Exposes it through self.crossOriginIsolated.
* Makes document.domain return before it mutates the origin.
* Makes agent clusters keyed on origin.

Tests:

* web-platform-tests/wpt#17719
* web-platform-tests/wpt#17760
* web-platform-tests/wpt#17761
* web-platform-tests/wpt#17802
* web-platform-tests/wpt#17909
* web-platform-tests/wpt#18543
* web-platform-tests/wpt#20116
* web-platform-tests/wpt#22358

Closes #4732. Closes #5122. Closes #5444.

Follow-up: #5435.
annevk added a commit to whatwg/html that referenced this pull request Jul 8, 2020
@annevk
Add the cross-origin isolated primitive
c9d8983 
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side).

This change also:

* Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons.
* Gates SharedArrayBuffer sharing behind that primitive.
* Exposes it through self.crossOriginIsolated.
* Makes document.domain return before it mutates the origin.
* Makes agent clusters keyed on origin.

Tests:

* web-platform-tests/wpt#17719
* web-platform-tests/wpt#17760
* web-platform-tests/wpt#17761
* web-platform-tests/wpt#17802
* web-platform-tests/wpt#17909
* web-platform-tests/wpt#18543
* web-platform-tests/wpt#20116
* web-platform-tests/wpt#22358

Closes #4732. Closes #5122. Closes #5444.

Follow-up: #5435 (and #5362).
mfreed7 pushed a commit to mfreed7/html that referenced this pull request Sep 11, 2020
@annevk @mfreed7
Add the cross-origin isolated primitive
485cd3e 
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side).

This change also:

* Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons.
* Gates SharedArrayBuffer sharing behind that primitive.
* Exposes it through self.crossOriginIsolated.
* Makes document.domain return before it mutates the origin.
* Makes agent clusters keyed on origin.

Tests:

* web-platform-tests/wpt#17719
* web-platform-tests/wpt#17760
* web-platform-tests/wpt#17761
* web-platform-tests/wpt#17802
* web-platform-tests/wpt#17909
* web-platform-tests/wpt#18543
* web-platform-tests/wpt#20116
* web-platform-tests/wpt#22358

Closes whatwg#4732. Closes whatwg#5122. Closes whatwg#5444.

Follow-up: whatwg#5435 (and whatwg#5362).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@foolip foolip foolip approved these changes

@domenic domenic Awaiting requested review from domenic

@jdm jdm Awaiting requested review from jdm

@jgraham jgraham Awaiting requested review from jgraham

@zcorpan zcorpan Awaiting requested review from zcorpan

@zqzhang zqzhang Awaiting requested review from zqzhang

Assignees

@foolip foolip

Labels
html
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@annevk @foolip @wpt-pr-bot