commit | 09bb76a2c6bec417761b51a45ace93bea6b75986 | [log] [tgz] |
---|---|---|
author | Antonio Sartori <antoniosartori@chromium.org> | Thu Jul 15 16:12:51 2021 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu Jul 15 16:12:51 2021 |
tree | 23c7f838e53c8345aa327aa3bdcfb8f6cec1f5c2 | |
parent | 1ec55f8959ebcf26e249bd833bdcd474af2cc646 [diff] |
Use COOP: unsafe-none for error pages At the moment, error pages keep the Cross Origin Opener Policy of the previous page (or of the last redirect response in case of a redirect). This causes a number of bugs (see list attached). There was a previous CL trying to address this: https://crrev.com/c/2859165 by defaulting the error page to COOP: unsafe-none. However, that was abandoned because it would have caused the opener relationship to be severed in case a page with "COOP: same-origin" opens a same-origin popup with the same COOP which ends up in a network error and then reloads. However, I think that is the expected behaviour no matter what. Undependently of COOP, the error page will be cross-origin w.r.t. the opener, so the opener relationship should be severed (but apparently we were not doing that). This CL defaults error pages to "COOP: unsafe-none" and runs the COOP algorithms for error pages with their unique opaque origin. This ensures that error pages are isolated, avoiding bugs as https://crbug.com/1226909. Moreover, this should prevent the crash https://crbug.com/1210622, since now process allocation and COOP enforcement are computed with the same input, so they should give consistent results. Finally, I believe this should also address https://crbug.com/1205883. Change-Id: Iede44839edb98586b3d51d345517f58efec10be7 Bug: 1226909,1210622,1205883 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3024337 Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#901982}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone
! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.