Skip to content

Add cross-site ancestor flag to environment. #11133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Add cross-site ancestor flag to environment. #11133

wants to merge 8 commits into from

Conversation

bvandersloot-mozilla
Copy link

@bvandersloot-mozilla bvandersloot-mozilla commented Mar 14, 2025
edited by pr-preview bot
Loading

This is commandeering #8036, and is meant to land with whatwg/fetch#1807 in its place.

  • At least two implementers are interested (and none opposed):
    • Firefox
  • Tests are written and can be reviewed and commented upon at:
  • Implementation bugs are filed:
    • Chromium: …
    • Gecko: …
    • WebKit: …
    • Deno (only for timers, structured clone, base64 utils, channel messaging, module resolution, web workers, and web storage): …
    • Node.js (only for timers, structured clone, base64 utils, channel messaging, and module resolution): …
  • Corresponding HTML AAM & ARIA in HTML issues & PRs:
  • MDN issue is filed: …
  • The top of this comment includes a clear commit message to use.

(See WHATWG Working Mode: Changes for more details.)

/acknowledgements.html ( diff )
/nav-history-apis.html ( diff )
/webappapis.html ( diff )
/workers.html ( diff )
/worklets.html ( diff )

@bvandersloot-mozilla bvandersloot-mozilla mentioned this pull request Mar 24, 2025
Closed
3 tasks
@johannhof johannhof self-requested a review March 27, 2025 12:44
@johannhof
Copy link
Member

This looks good to me, but talking to @cfredric we'd slightly prefer the term "ancestry" with "cross-site" or "same-site" as values. @bvandersloot-mozilla WDYT?

@tidoust tidoust mentioned this pull request Apr 2, 2025
Merged
@annevk annevk mentioned this pull request May 19, 2025
Open
6 tasks
annevk
annevk reviewed May 19, 2025
View reviewed changes
@annevk annevk mentioned this pull request May 20, 2025
Open
domenic
domenic requested changes May 21, 2025
View reviewed changes
domenic
domenic reviewed May 23, 2025
View reviewed changes
@bvandersloot-mozilla
Copy link
Author

I think that feedback makes a lot of sense- hanging it on the ESO is probably right.

With respect to behavior when disconnected, I think the only corner case I worry about is if a disconnected document is able to perform fetches and then get reconnected later. In that case it should matter and we'd want some kind of latching to prevent disconnecting documents from being a way to escalate their privileges. If not, then this update should match your sketch for imlementation as a new algorithm on ESOs.

domenic
domenic approved these changes Jun 3, 2025
View reviewed changes
Copy link
Member

@domenic domenic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, this looks good to me! Please also work on an update to the service worker spec, as the only other environment settings object on the platform.

I think the only corner case I worry about is if a disconnected document is able to perform fetches and then get reconnected later.

There's no way to reconnect disconnected documents, so I think we're safe!

@bvandersloot-mozilla bvandersloot-mozilla mentioned this pull request Jun 3, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annevk annevk annevk left review comments

@domenic domenic domenic approved these changes

@johannhof johannhof Awaiting requested review from johannhof

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bvandersloot-mozilla @johannhof @domenic @annevk