Bug 233633

Summary: Enforce COOP, even when COOP+sandbox leads to an error page.
Product: WebKit Reporter: ahemery
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: achristensen, beidson, cdumez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 15   
Hardware: Unspecified   
OS: Unspecified   

ahemery
Reported 2021-11-30 05:23:47 PST
As discussed in https://github.com/whatwg/html/issues/7345, an opener that remains on a popup that error'd because of COOP+sandbox can lead to guessing URLs cross-origin using history length. Instead, the spec changes in https://github.com/whatwg/html/pull/7364 to enforce COOP, even when we'll fail afterwards, severing the opener.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-12-07 05:24:19 PST
<rdar://problem/86152095>
Note You need to log in before you can comment on or make changes to this bug.