Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limiting Same Origin Document Access #197

Closed
dtapuska opened this issue Aug 1, 2019 · 5 comments · Fixed by #302
Closed

Limiting Same Origin Document Access #197

dtapuska opened this issue Aug 1, 2019 · 5 comments · Fixed by #302
Labels
position: negative venue: WHATWG Specifications in a WHATWG Workstream

Comments

@dtapuska
Copy link

dtapuska commented Aug 1, 2019

Request for Mozilla Position on an Emerging Web Specification

Other information

Blink Intent to Implement
TAG Review
@bzbarsky
Copy link
Contributor

bzbarsky commented Aug 1, 2019

I'm generally pretty wary of adding new security primitives. I raised dtapuska/documentaccess#2 asking whether forcing nonce origins would achieve the goals of this proposal without the new-security-primitive angle.

@adamroach adamroach added the venue: WHATWG Specifications in a WHATWG Workstream label Nov 16, 2019
@annevk
Copy link
Contributor

annevk commented Feb 24, 2020
edited
Loading

Given the use cases provided and the statement that this is a security primitive, I don't think this is a good idea as while it allows some isolation between same-origin content, it leaves plenty of channels around. I recommend harmful as a position therefore. (I filed dtapuska/documentaccess#4 on this.)

@dbaron
Copy link
Contributor

dbaron commented Apr 6, 2020

@annevk do you still hold that position following the discussion in that issue? If so, do you want to make a PR to add this to the table?

@dbaron dbaron added the ready to add Appears ready to add to the table of positions. label Apr 6, 2020
annevk added a commit that referenced this issue Apr 7, 2020
@annevk
Add Restricting Document Access of Same Origin Documents (harmful)
6372755 
Closes #197.
@annevk annevk mentioned this issue Apr 7, 2020
Merged
dbaron pushed a commit that referenced this issue Apr 7, 2020
@annevk
Add Restricting Document Access of Same Origin Documents (harmful) (#302
497b0d2 
)

Closes #197.
@dtapuska
Copy link
Author

@annevk Just wanted to check in now that W3C has closed their review indicating that they do recognize the problem and the approach Chromium outlined was reasonable. I anticipate proceeding with it in Chromium but wanted to just have a final statement from Mozilla after the TAG review was completed.

@annevk
Copy link
Contributor

annevk commented Aug 17, 2020

I don't really see what's changed and it doesn't seem like the TAG considered the point about influencing the way code in third parties runs.

@zcorpan zcorpan added position: negative and removed ready to add Appears ready to add to the table of positions. labels Sep 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
position: negative venue: WHATWG Specifications in a WHATWG Workstream
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Restricting Document Access of Same Origin Documents (harmful) mozilla/standards-positions
6 participants
@zcorpan @dbaron @bzbarsky @annevk @adamroach @dtapuska