From e38bc9313732aac0247e42b31917391718c0dd93 Mon Sep 17 00:00:00 2001
From: clamy
Date: Wed, 10 Jun 2020 16:09:39 +0200
Subject: [PATCH] Add cross-origin opener policy reporting API

---
 source | 691 +++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 550 insertions(+), 141 deletions(-)

diff --git a/source b/source index 58a37478d64..220919dc601 100644 --- a/source +++ b/source @@ -3943,6 +3943,18 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute + + +
Reporting
+ +
+

The following feature is defined in Reporting API:

+ +
@@ -9040,8 +9052,7 @@ partial interface Document { which is a module map, initially empty.

The Document has a cross-origin opener - policy, which is a cross-origin opener policy, initially "unsafe-none".

+ policy, which is a cross-origin opener policy.

The DocumentOrShadowRoot interface

@@ -76651,6 +76662,15 @@ popup4.close(); active document's cross-origin opener policy.

+
  • Let coop be a new cross-origin opener policy.

  • + +
  • If creator is non-null and creator's origin is + same origin with creator's relevant settings object's + top-level origin, then set coop to creator's browsing context's top-level browsing context's + active document's cross-origin opener + policy.

  • +
  • Let document be a new Document, marked as an HTML document in quirks mode, whose content type is "text/html", @@ -77510,10 +77530,10 @@ console.assert(iframeWindow.frameElement === null);

    1. -

      If current's top-level browsing context's active - document's cross-origin opener policy is - "same-origin" or "same-origin-plus-COEP", then:

      +

      If current's top-level browsing context's active + document's cross-origin opener policy's + value is "same-origin" or + "same-origin-plus-COEP", then:

      1. Let currentDocument be current's active @@ -79966,10 +79986,30 @@ interface BarProp {

        Cross-origin opener policies

        +

        Cross-origin opener policy

        +

        A cross-origin opener policy allows a document which is navigated to in a top-level browsing context to force the creation of a new top-level browsing - context, and a corresponding group. It has one of the - following values:

        + context, and a corresponding group. The cross-origin + opener policy consists of:

        + +
          +
        1. A cross-origin opener policy value + (value), initially "unsafe-none".

        2. + +
        3. A string or null (reporting + endpoint), initially null.

        4. + +
        5. A cross-origin opener policy value + (report only value), initially "unsafe-none".

        6. + +
        7. A string or null (report only reporting endpoint), initially null.

        8. +
        + +

        The cross-origin opener policy value consists of the following:

        "unsafe-none"
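
Review bot: The sentence that introduces the value list, "The cross-origin opener policy value consists of the following:", reads as if a value were a composite, but the items that follow ("unsafe-none" and so on) are alternatives. Suggest "A cross-origin opener policy value is one of the following:", in line with the removed wording "It has one of the following values", and keep "consists of" for the four-item struct defined just above it.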
        @@ -80006,10 +80046,10 @@ interface BarProp {
    -

    To match cross-origin opener policies, given a - cross-origin opener policy A, an origin originA, a - cross-origin opener policy B, and an origin - originB:

    +

    To match cross-origin opener policy values, given a cross-origin opener policy value A, an + origin originA, a >cross-origin opener + policy value B, and an origin originB:

    1. If A is "unsafe-none" and B @@ -80024,14 +80064,18 @@ interface BarProp {

    2. Return false.

    -

    The `Cross-Origin-Opener-Policy` - header

    +

    The `Cross-Origin-Opener-Policy` and + `Cross-Origin-Opener-Policy-Report-Only` + headers

    A Document's cross-origin opener policy is derived from the `Cross-Origin-Opener-Policy` HTTP response header. - This header is a structured header whose value must - be a token.

    + data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy` and the `Cross-Origin-Opener-Policy-Report-Only` + HTTP response headers. These headers are structured + headers whose value must be a token. +

    The valid token values are "unsafe-none", "BarProp { data-x="concept-response">response response:

      +
    1. Let policy be a new cross-origin opener policy.

    2. +
    3. Let securityState be the result of executing Is url potentially trustworthy? on response's url.

    4. If securityState is "Not Trustworthy", then return - "unsafe-none".

    5. + policy.

    6. Let value be the result of getting a structured header @@ -80062,40 +80108,196 @@ interface BarProp { "item" from response's header list.

    7. -
    8. If value is failure or null, then return "unsafe-none".

    9. +
    10. +

      If value is not failure and is not null, then:

      -
    11. If value[0] is not "same-origin" or - "same-origin-allow-popups", then return - "unsafe-none".

    12. +
        +
      1. +

        If value bare item is "same-origin", then:

        -
      2. -

        If value[0] is "same-origin", then:

        +
          +
        1. Let coep be the result of obtaining a cross-origin embedder + policy from response.

        2. + +
        3. If coep's value is + "require-corp", then set policy value to "same-origin-plus-COEP".

        4. + +
        5. Else, set policy value to "same-origin".

        6. +
        +
      3. + +
      4. If value bare item is "same-origin-allow-popups", + then set policy value to "same-origin-allow-popups".

      5. + +
      6. If value's parameters["report-to"] exists and it is a string, then set reporting endpoint to + value's parameters["report-to"].

      7. +
      + + +
    13. Let reportOnlyValue be the result of getting a structured header + given `Cross-Origin-Opener-Policy-Report-Only` and + "item" from response's header list.

    14. +
    15. +

      If reportOnlyValue is not failure and is not null, then:

        -
      1. Let coep be the result of obtaining a cross-origin embedder - policy from response.

      2. +
      3. +

        If reportOnlyValue bare item is "same-origin", then:

        + +
          +
        1. Let coep be the result of obtaining a cross-origin embedder + policy from response.

        2. + +
        3. +

          If coep's value is + "require-corp" or coep's report only value is "require-corp", then set policy report only value to "same-origin-plus-COEP".

          + +

          Report only COOP also considers report only COEP to assign the special "same-origin-plus-coep" value. This allows developers more freedom in the + order of deployment of COOP and COEP.

          +
        4. + +
        5. Else, set policy report only + value to "same-origin".

        6. +
        +
      4. -
      5. If coep is "require-corp", then return "same-origin-plus-COEP".

      6. +
      7. If reportOnlyValue bare item is "same-origin-allow-popups", then set policy report only value to "same-origin-allow-popups".

      8. + +
      9. If reportOnlyValue's parameters["report-to"] exists and it is a string, then set report only reporting endpoint to + reportOnlyValue's parameters["report-to"].

    16. -
    17. Return value[0].

    18. +
    19. Return policy.

    +

    Browsing context group switches due to cross-origin opener policy

    +

    To check if a cross-origin opener + policy value requires a browsing context group switch, given a boolean + isInitialEmptyDocument, two origins + responseOrigin, activeDocumentNavigationOrigin, and two cross-origin opener policy values responseCOOPValue, + activeDocumentCOOPValue:

    + +
      +
    1. If the result of matching + activeDocumentCOOPValue, activeDocumentNavigationOrigin, + responseCOOPValue and responseOrigin is true, return + false.

    2. + +
    3. +

      If all of the following are true:

      + +
        +
      • isInitialEmptyDocument.

      • + +
      • activeDocumentCOOPValue's value is "same-origin-allow-popups".

      • + +
      • responseCOOPValue is "unsafe-none".

      • +
      + +

      then return false.

      +
    4. + +
    5. Return true.

      +
    + +

    To check if enforcing report only COOP + policies would require a browsing context group switch, given a boolean + isInitialEmptyDocument, two origins + responseOrigin, activeDocumentNavigationOrigin, and two cross-origin opener policies responseCOOP, + and ActiveDocumentCOOP:

    + +
      +
    1. +

      If the result of checking if + the navigation requires a browsing context group switch given + isInitialEmptyDocument, sandboxFlags, responseOrigin, + activeDocumentNavigationOrigin, responseCOOP's report-only value and + ActiveDocumentCOOPReportOnly's report-only value is false, + return false.

      + +

      Matching report only policies allows a website to specify the same report only + Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations + between these pages.

      +
    2. + +
    3. If the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, responseOrigin, activeDocumentNavigationOrigin, + responseCOOP's value and + ActiveDocumentCOOPReportOnly's report-only + value is true, return true.

    4. + +
    5. If the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, responseOrigin, activeDocumentNavigationOrigin, + responseCOOP's report-only value + and ActiveDocumentCOOPReportOnly's value is + true, return true.

    6. + +
    7. Return false.

    8. +
    + +

    A cross-origin opener policy enforcement result is + a struct composed of:

    + +
      +
    • A boolean needBrowsingContextGroupSwitch, initially false.

    • + +
    • A boolean needBrowsingContextGroupSwitchReportOnly, initially false.

    • + +
    • A boolean sameOriginWithPreviousDocumentIncludingRedirects, initally true.

    • +
    +

    To check if a response requires a browsing context group switch, given a browsing context - browsingContext, an origin responseOrigin and a - cross-origin opener policy responseCOOP:

    + browsingContext, an origin responseOrigin, a + cross-origin opener policy responseCOOP, and a cross-origin opener policy enforcement result + currentCOOPEnforcementResult, run the followign steps:

    1. Let activeDocumentNavigationOrigin be browsingContext's active document's origin.

    2. +
    3. If activeDocumentNavigationOrigin is not same origin with + responseOrigin, set currentCOOPEnforcementResult's + sameOriginWithPreviousDocumentIncludingRedirects to false.

    4. +
    5. Let activeDocumentCOOP be browsingContext's active document's cross-origin opener policy.
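
Review bot: The steps of "check if enforcing report only COOP policies would require a browsing context group switch" use names the algorithm never declares: sandboxFlags is passed in all three calls to the value check, and ActiveDocumentCOOPReportOnly is read where the declared parameter is ActiveDocumentCOOP. The value check is declared with a boolean, two origins and two values, so sandboxFlags has no slot there, and its second condition says "activeDocumentCOOPValue's value" although that argument is already a value. Suggest dropping sandboxFlags, reading ActiveDocumentCOOP's value and report only value directly, and linking the steps to the algorithm by the name it is defined under ("check if a cross-origin opener policy value requires a browsing context group switch"). Two typos in added lines as well: "initally" and "followign".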

    6. @@ -80107,41 +80309,128 @@ interface BarProp { created, then set isInitialAboutBlank to true.

      -
    7. If the result of matching - activeDocumentCOOP, activeDocumentNavigationOrigin, - responseCOOP and responseOrigin is true, then return false.

    8. - -
    9. -

      If all of the following are true:

      - -
        -
      • isInitialAboutBlank

      • +
      • If the result of checking if + the COOP values require a browsing context group switch given + isInitialAboutBlank, activeDocumentCOOP's value, activeDocumentNavigationOrigin, + responseCOOP's value and + responseOrigin is true, set currentCOOPEnforcementResult's + needBrowsingContextGroupSwitch to true.

      • -
      • activeDocumentCOOP is "same-origin-allow-popups".

      • +
      • If the result of checking if + enforcing report only COOP policies would require a browsing context group switch given + isInitialAboutBlank, responseOrigin, + activeDocumentNavigationOrigin, responseCOOP, and + activeDocumentCOOP, is true, set currentCOOPEnforcementResult's + needBrowsingContextGroupSwitchReportOnly to true.

      • -
      • responseCOOP is "unsafe-none".

      • -
      +
    10. +

      If browsingContext's browsing context group's browsing + context set's size is strictly greater than 1, then:

      -

      then return false.

      +
        +
      1. If

        navigationCOOP's reporting endpoint is not null and currentCOOPEnforcementResult's + needBrowsingContextGroupSwitch is true, queue a violation report for browsing context group switch + when navigating to a COOP page with navigationCOOP's reporting endpoint, navigationCOOP's + value, "enforce", + response's URL, + browsingContext's active document's URL, + request's referrer, and + currentCOOPEnforcementResult's + sameOriginWithPreviousDocumentIncludingRedirects.

      2. + +
      3. If navigationCOOP's report only reporting endpoint is not null and currentCOOPEnforcementResult's + needBrowsingContextGroupSwitchReportOnly, queue a violation report for browsing context group switch + when navigating to a COOP page with navigationCOOP's report only reporting endpoint, + navigationCOOP's report only + value, "reporting", response's URL, browsingContext's active + document's URL, and request's referrer.

      4. +
    11. - -
    12. Return true.

    To obtain a browsing context to use for a navigation response, given a browsing context - browsingContext, a sandboxing flag set sandboxFlags, and a - cross-origin opener policy navigationCOOP:

    + browsingContext, a sandboxing flag set sandboxFlags, a + cross-origin opener policy navigationCOOP and a cross-origin opener policy enforcement result + COOPEnforcementResult:

    1. Assert: browsingContext is a top-level browsing context.

    2. +
    3. Let activeDocumentCOOP be browsingContext's active + document's cross-origin opener + policy.

    4. + +
    5. +

      If COOPEnforcementResult's needBrowsingContextGroupSwitchReportOnly + is true and browsingContext's browsing context + group's browsing context set's size is + strictly greater than 1, and activeDocumentCOOP's report only reporting endpoint is not null, then:

      + +
        +
      1. Let initialNavigationURL be a new empty URL.

      2. + +
      3. If source and browsingContext are the same, set + initialNavigationURL to request's URL.

      4. + +
      5. Queue a violation report for + browsing context group switch when navigating away from a COOP page with + activeDocumentCOOP's report only + reporting endpoint, activeDocumentCOOP's report only value, "reporting", response's URL, browsingContext's active + document's URL, and initialNavigationURL.

      6. +
      +
    6. + +
    7. If COOPEnforcementResult's needBrowsingContextGroupSwitch is false, return browsingContext. + +

    8. +

      If browsingContext's browsing context group's browsing context + set's size is strictly greater than 1, and activeDocumentCOOP's reporting endpoint is not null, then:

      + +
        +
      1. Let initialNavigationURL be a new empty URL.

      2. + +
      3. If source and browsingContext are the same, set + initialNavigationURL to request's URL.

      4. + +
      5. Queue a violation report for + browsing context group switch when navigating away from a COOP page with + activeDocumentCOOP's reporting + endpoint, activeDocumentCOOP's value, + "enforce", response's URL, browsingContext's active + document's URL, and initialNavigationURL.

      6. +
      +
    9. +
    10. Let newBrowsingContext be the result of creating a new top-level browsing context.

    11. -
    12. If navigationCOOP is "

      If navigationCOOP's value is "same-origin-plus-COEP", then set newBrowsingContext's group's cross-origin isolated to true.
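
Review bot: The reporting sub-steps added to "check if a response requires a browsing context group switch" read navigationCOOP, response and request, but the algorithm is declared with browsingContext, responseOrigin, responseCOOP and currentCOOPEnforcementResult only. Either use responseCOOP and add the response and the request as parameters, or move the reporting to the caller. The same applies to "obtain a browsing context to use for a navigation response": its new steps use source, request and response, none of which appear in its "given" list. The report-only sub-step also tests "currentCOOPEnforcementResult's needBrowsingContextGroupSwitchReportOnly" without "is true" and passes six arguments where the enforce sub-step passes seven. The two calls to the value and report-only checks pass their arguments in a different order from the one the checks declare.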

    13. @@ -80149,8 +80438,8 @@ interface BarProp {
    14. If sandboxFlags is not empty, then:

        -
      1. Assert: navigationCOOP is "unsafe-none".

      2. +
      3. Assert navigationCOOP's value is + "unsafe-none".

      4. Set newBrowsingContext's sandboxing flag set to sandboxFlags.
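
Review bot: The replacement line "Assert navigationCOOP's value is "unsafe-none"" drops the colon that the removed line used and that the first step of the enclosing algorithm still uses ("Assert: browsingContext is a top-level browsing context"). Suggest "Assert: navigationCOOP's value is "unsafe-none"."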

      5. @@ -80174,6 +80463,90 @@ interface BarProp { fully defined. It is currently under discussion in issue #5350.

        +

        Reporting policies

        + +

        To queue a violation report for browsing context group + switch when navigating to a COOP page given a string endpoint, a cross-origin opener policy value + COOPValue, a string disposition, a URL + navigationURL, a URL currentDocumentURL, and a + referrer referrer:

        + +

          +
        1. Let previousDocumentURL be referrer.

        2. + +
        3. If currentDocumentURL and navigationURL are + same origin, set previousDocumentURL to + currentDocumentURL.

        4. + +
        5. Set previousDocumentURL's username + to the empty string, and its password to null.

        6. + +
        7. Let serializedPreviousDocumentURL be the result of executing the URL serializer on previousDocumentURL with the + exclude fragment flag set.

        8. + +
        9. +

          Let body be a new object containing the following properties with keys:

          + +
            +
          • key: "disposition", value: disposition.

          • + +
          • key: "effective-policy", value: COOPValue.

          • + +
          • key: "navigation-uri", value: + serializedPreviousDocumentURL.

          • + +
          • key: "violation-type", value: "navigate-to-document".

          • +
          +
        10. + +
        11. Queue body as "coop" + for endpoint with navigationURL.

        12. +
        + +

        To queue a violation report for browsing context group + switch when navigating away from a COOP page given a string endpoint, a + cross-origin opener policy value COOPValue, a string + disposition, a URL navigationURL, a URL + currentDocumentURL, and a URL initialNavigationURL:

        + +

          +
        1. Let nextDocumentURL be initialNavigationURL.

        2. + +
        3. If currentDocumentURL and navigationURL are + same origin, set nextDocumentURL to + navigationURL.

        4. + +
        5. Set nextDocumentURL's username to + the empty string, and its password to null.

        6. + +
        7. Let serializedNextDocumentURL be the result of executing the URL serializer on nextDocumentURL with the + exclude fragment flag set.

        8. + +
        9. +

          Let body be a new object containing the following properties with keys:

          + +
            +
          • key: "disposition", value: disposition.

          • + +
          • key: "effective-policy", value: COOPValue.

          • + +
          • key: "navigation-uri", value: + serializedNextDocumentURL.

          • + +
          • key: "violation-type", value: "navigate-from-document".

          • +
          +
        10. + +
        11. Queue body as "coop" + for endpoint with currentDocumentURL.

        12. +

        Session history and navigation
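
Review bot: Step 2 of both queueing algorithms decides which URL is disclosed to the reporting endpoint with "If currentDocumentURL and navigationURL are same origin", which compares two URLs rather than their origins and looks only at the final response URL, so a navigation that redirected through another origin and back is treated as same origin. The enforce call for navigating to a COOP page already passes currentCOOPEnforcementResult's sameOriginWithPreviousDocumentIncludingRedirects as a seventh argument, but the algorithm here declares six parameters and never uses it. Suggest adding it as a boolean parameter to both algorithms and gating the URL choice on it. In the navigate-to case, referrer can also be "no-referrer" rather than a URL, so "Set previousDocumentURL's username to the empty string" and the URL serializer step need a guard for that value.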

        @@ -82002,16 +82375,17 @@ interface Location { // but see also url, finalSandboxFlags, incumbentNavigationOrigin, and activeDocumentNavigationOrigin.

        -
      6. Let responseCOOP be "unsafe-none".

      7. +
      8. Let responseCOOP be a new cross-origin opener policy.

      9. -
      10. Let browsingContextSwitchNeeded be false.

      11. +
      12. Let COOPEnforcementResult be a new cross-origin opener policy enforcement + result.

      13. Run process a navigate response with null, resource, navigationType, the source browsing context, browsingContext, finalSandboxFlags, responseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, null, - responseCOOP, and browsingContextSwitchNeeded.

      14. + responseCOOP, and COOPEnforcementResult.

      @@ -82032,13 +82406,17 @@ interface Location { // but see also cross-origin opener policy enforcement + result.

    15. +
    16. Run process a navigate response with resource, response, navigationType, the source browsing context, browsingContext, finalSandboxFlags, activeDocumentNavigationOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, null, browsingContext's active - document's cross-origin opener policy, and - false.

    17. + document's cross-origin opener + policy, and COOPEnforcementResult.

    So for example a

    Let responseOrigin be null. -

  • Let browsingContextSwitchNeeded be false.

  • +
  • Let COOPEnforcementResult be a cross-origin opener policy enforcement result.

  • Let finalSandboxFlags be an empty sandboxing flag set.

  • @@ -82255,13 +82634,10 @@ interface Location { // but see also
    checking if the response requires a - browsing context group switch given browsingContext, - responseOrigin, and responseCOOP.

    - -
  • If responseRequiresBrowsingContextGroupSwitch is true, set - browsingContextSwitchNeeded to true.

  • +
  • Check if the response + requires a browsing context group switch given browsingContext, + responseOrigin, responseCOOP, and + COOPEnforcementResult.

  • @@ -82367,7 +82743,7 @@ interface Location { // but see also
    browsing contexts source and browsingContext, a sandboxing flag set finalSandboxFlags, three origins finalResponseOrigin, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin, a - cross-origin opener policy responseCOOP, a boolean - browsingContextSwitchNeeded, and null or an environment + incumbentNavigationOrigin and activeDocumentNavigationOrigin, a + cross-origin opener policy responseCOOP, a cross-origin opener policy enforcement result, + COOPEmfrocementResult, and null or an environment reservedEnvironment, run these steps:
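
Review bot: The new parameter in the "given" list is spelled "COOPEmfrocementResult" and is preceded by a stray comma ("a cross-origin opener policy enforcement result, COOPEmfrocementResult"), so the COOPEnforcementResult that the dispatch steps hand to each processing section is never declared under that name. Rename it to COOPEnforcementResult and drop the comma after "result".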

      @@ -82433,20 +82810,20 @@ interface Location { // but see also
      an HTML MIME type
      Follow the steps given in the HTML document section - providing browsingContext, request, response, - finalSandboxFlags, finalResponseOrigin, + providing source, browsingContext, type, request, + response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, - reservedEnvironment, responseCOOP, and - browsingContextSwitchNeeded. Once the steps have completed, return.
      + reservedEnvironment, responseCOOP and COOPEnforcementResult. + Once the steps have completed, return.
      an XML MIME type that is not an explicitly supported XML MIME type
      Follow the steps given in the XML document section - providing browsingContext, type, request, response, - finalSandboxFlags, finalResponseOrigin, + providing source, browsingContext, type, request, + response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, - reservedEnvironment, responseCOOP, and - browsingContextSwitchNeeded. Once the steps have completed, return.
      + reservedEnvironment, responseCOOP, and COOPEnforcementResult. + Once the steps have completed, return.
      a JavaScript MIME type
      a JSON MIME type that is not an explicitly supported JSON MIME @@ -82456,37 +82833,37 @@ interface Location { // but see also text/plain"
      "text/vtt"
      Follow the steps given in the plain text file section - providing browsingContext, type, request, response, - finalSandboxFlags,finalResponseOrigin, + providing source, browsingContext, type, request, + response, finalSandboxFlags,finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, - reservedEnvironment, responseCOOP, and - browsingContextSwitchNeeded. Once the steps have completed, return.
      + reservedEnvironment, responseCOOP, and COOPEnforcementResult. + Once the steps have completed, return.
      "multipart/x-mixed-replace"
      Follow the steps given in the multipart/x-mixed-replace section providing - browsingContext, type, request, response, + source, browsingContext, type, request, response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, reservedEnvironment, responseCOOP, and - browsingContextSwitchNeeded. Once the steps have completed, return.
      + COOPEnforcementResult. Once the steps have completed, return.
      A supported image, video, or audio type
      Follow the steps given in the media section providing - browsingContext, type, request, response, - finalSandboxFlags, finalResponseOrigin, + source, browsingContext, type, request, + response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, - reservedEnvironment, responseCOOP, and - browsingContextSwitchNeeded. Once the steps have completed, return.
      + reservedEnvironment, responseCOOP, and COOPenforcementResult. + Once the steps have completed, return.
      A type that will use an external application to render the content in browsingContext
      Follow the steps given in the plugin section - providing browsingContext, type, request, response, - finalSandboxFlags, finalResponseOrigin, + providing source, browsingContext, type, request, + response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, - reservedEnvironment, responseCOOP, and - browsingContextSwitchNeeded. Once the steps have completed, return.
      + reservedEnvironment, responseCOOP, and COOPEnforcementResult. + Once the steps have completed, return.

      An explicitly supported XML MIME type is an XML MIME type for which @@ -82656,18 +83033,21 @@ interface Location { // but see also type type, content type contentType, a request request, a response response, a browsing context browsingContext, a sandboxing flag set - finalSandboxFlags, three origins origin, - incumbentNavigationOrigin, activeDocumentNavigationOrigin, null or an + data-x="concept-response">response response, two browsing contexts source, and browsingContext, a + sandboxing flag set finalSandboxFlags, three origins origin, incumbentNavigationOrigin, + activeDocumentNavigationOrigin, null or an environment reservedEnvironment, a cross-origin opener policy - navigationCOOP, and a boolean browsingContextSwitchNeeded:

      + navigationCOOP, and a cross-origin opener + policy enforcement result COOPEnforcementResult:

        -
      1. If browsingContextSwitchNeeded is true, set browsingContext to the - result of the obtain a browsing context to use - for a navigation response algorithm, given browsingContext, - finalSandboxFlagSet, and navigationCOOP.

      2. +
      3. Set browsingContext to the result of the obtain a browsing context to use for a navigation + response algorithm, given request, response, source, + browsingContext, finalSandboxFlagSet, navigationCOOP, and + COOPEnforcementResult.

      4. Let featurePolicy be the result of creating a feature policy from a @@ -82953,20 +83333,20 @@ new PaymentRequest(…); // Allowed to use

        Page load processing model for HTML files

        When an HTML document is to be loaded, given a - browsingContext, request, response, finalSandboxFlags, - finalResponseOrigin, incumbentNavigationOrigin, + source, browsingContext, request, response, + finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP, and - browsingContextSwitchNeeded the user agent must queue a task on the + COOPEnforcementResult the user agent must queue a task on the networking task source to:

        1. Let document be the result of creating and initializing a Document object providing "html", "text/html", - request, response, browsingContext, finalSandboxFlags, - finalResponseOrigin, incumbentNavigationOrigin, - activeDocumentNavigationOrigin, environment, responseCOOP, and - browsingContextSwitchNeeded.

        2. + request, response, source browsingContext, + finalSandboxFlags, finalResponseOrigin, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, + environment, responseCOOP, and COOPEnforcementResult.

        3. Create an HTML parser and associate it with the document. Each @@ -82999,19 +83379,20 @@ new PaymentRequest(…); // Allowed to use

          Page load processing model for XML files

          -

          When faced with displaying an XML file inline, provided browsingContext, - request, response, finalSandboxFlags, +

          When faced with displaying an XML file inline, provided source, + browsingContext, request, response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment,responseCOOP, and - browsingContextSwitchNeeded user agents must follow the requirements defined in - XML and Namespaces in XML, XML Media Types, DOM, - and other relevant specifications to create and - initialize a Document object providing "xml", - type, request, response, browsingContext, - finalSandboxFlags, finalResponseOrigin incumbentNavigationOrigin, + COOPEnforcementResult user agents must follow the requirements defined in + XML and Namespaces in XML, XML Media Types, + DOM, and other relevant specifications to create and initialize a Document object + providing "xml", type, request, response, + source, browsingContext, finalSandboxFlags, + finalResponseOrigin incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP. and - browsingContextSwitchNeeded. It must also create and a corresponding XML - parser.

          + COOPEnforcementResult. It must also create and a corresponding XML parser. +

          At the time of writing, the XML specification community had not actually yet specified how XML and the DOM interact.
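
Review bot: The rewritten argument lists in this paragraph keep punctuation slips that the reflow is a good moment to fix: "responseCOOP. and COOPEnforcementResult" has a full stop where a comma belongs, and "finalResponseOrigin incumbentNavigationOrigin" is missing a comma between two separate arguments. "It must also create and a corresponding XML parser" is carried over with its missing word.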

          @@ -83055,21 +83436,21 @@ new PaymentRequest(…); // Allowed to use

          Page load processing model for text files

          -

          When a plain text document is to be loaded, provided a browsingContext, - request, response, finalSandboxFlags, +

          When a plain text document is to be loaded, provided source, + browsingContext, request, response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment,responseCOOP, and - browsingContextSwitchNeeded the user agent must queue a task on the + COOPEnforcementResult the user agent must queue a task on the networking task source to:

          1. Let document be the result of creating and initialize a Document object providing "html", type, request, - response, browsingContext, finalSandboxFlags, + response, source, browsingContext, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP, and - browsingContextSwitchNeeded.

          2. + COOPEnforcementResult.

          3. Create an HTML parser and associate it with the document. Act as if the tokenizer had emitted a start tag token with the tag name "pre" followed by a single @@ -83136,20 +83517,20 @@ new PaymentRequest(…); // Allowed to use

            Page load processing model for media

            -

            When an image, video, or audio resource is to be loaded, provided a browsingContext, - request, response, finalSandboxFlags, +

            When an image, video, or audio resource is to be loaded, provided source, + browsingContext, request, response, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP, - browsingContextSwitchNeeded, the user agent should: + COOPEnforcementResult, the user agent should:

            1. Let document be the result of creating and initialize a Document object providing "html", type, request, - response, browsingContext, finalSandboxFlags, + response, source, browsingContext, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP, and - browsingContextSwitchNeeded.

            2. + COOPEnforcementResult.

            3. Append an html element to document.

            4. @@ -83206,19 +83587,19 @@ new PaymentRequest(…); // Allowed to use

              Page load processing model for content that uses plugins

              When a resource that requires an external resource to be rendered is to be loaded, provided a - browsingContext, request, response, sandboxFlags, - finalResponseOrigin, incumbentNavigationOrigin, + source, browsingContext, request, response, + finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP, and - browsingContextSwitchNeeded, the user agent should: + COOPEnforcementResult, the user agent should:

              1. Let document be the result of creating and initialize a Document object providing "html", type, request, - response, browsingContext, finalSandboxFlags, + response, source, browsingContext, finalSandboxFlags, finalResponseOrigin, incumbentNavigationOrigin, activeDocumentNavigationOrigin, environment, responseCOOP, and - browsingContextSwitchNeeded.

              2. + COOPEnforcementResult.

              3. Mark document as being a plugin document

              4. @@ -83265,11 +83646,11 @@ new PaymentRequest(…); // Allowed to use

                When the user agent is to display a user agent page inline, the user agent should create and initialize a Document object - providing "html", "text/html", null, null, - browsingContext, an empty set, null, null, and null, and then either associate that - Document with a custom rendering that is not rendered using the normal - Document rendering rules, or mutate that Document until it represents - the content the user agent wants to render.

                + providing "html", "text/html", null, null, null, + browsingContext, an empty set, null, null, null, a new cross-origin opener + policy, and false and then either associate that Document with a custom + rendering that is not rendered using the normal Document rendering rules, or mutate + that Document until it represents the content the user agent wants to render.
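
Review bot: The last argument of this call is still "and false", but create and initialize a Document object now takes a cross-origin opener policy enforcement result in that position; the other call sites touched by this patch were changed from browsingContextSwitchNeeded to COOPEnforcementResult. Suggest passing "a new cross-origin opener policy enforcement result" here, and adding the comma before "and then either associate".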

                @@ -116219,6 +116600,30 @@ interface External { +

                `Cross-Origin-Opener-Policy-Report-Only`

                + +

                This section describes a header for registration in the Permanent Message Header Field + Registry.

                + +
                +
                Header field name:
                +
                Cross-Origin-Opener-Policy-Report-Only
                +
                Applicable protocol:
                +
                http
                +
                Status:
                +
                standard
                +
                Author/Change controller:
                +
                WHATWG
                +
                Specification document(s):
                +
                + This document is the relevant specification. +
                +
                Related information:
                +
                None.
                +
                + +

                `Ping-From`

                This section describes a header for registration in the Permanent Message Header Field @@ -116360,6 +116765,7 @@ interface External { +

                Index