Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross-Origin Opener Policy: restrict-properties #213

Closed
tapananand opened this issue Oct 13, 2022 · 4 comments
Closed

Cross-Origin Opener Policy: restrict-properties #213

tapananand opened this issue Oct 13, 2022 · 4 comments
Labels
focus-area-proposal Focus Area Proposal

Comments

@tapananand
Copy link

tapananand commented Oct 13, 2022

Description

To use SharedArrayBuffer or WebAssembly multithreading today we need to enable Cross-Origin Isolation by adding appropriate COOP (same-origin) and COEP (require-corp) headers. But this breaks the existing OAuth flows (social sign-in, payments, etc.) that require popups and communication with popups.

The COOP: restrict-properties proposal is the proposed solution for this but it is still in early phases and not implemented in browsers. However, for Chromium based browsers, an Origin Trial exists to be able to use SharedArrayBuffer without cross-origin isolation until this issue is resolved but nothing like that exists for other browsers. This forces developers to either find workarounds with poor performance or end up not shipping a feature on non-chromium browsers.

It would be really great if the COOP: restrict properties spec can be finalized and implemented across all browsers or maybe till then there could be a way to enable SharedArrayBuffer without Cross Origin Isolation on non-Chromium Browsers as well.

Rationale

Lack of this feature takes away the ability for some websites to use powerful features like:

  1. WebAssembly multi-threading.
  2. SharedArrayBuffer (apart from WASM threading for performance, background work, etc.)
  3. High Precision Timers
  4. Measure page memory usage (Important for performance/memory intensive applications)

It is really painful to not be able to use these capabilities along with OAuth or popup related flows. It’s not possible to do away with core requirements like social sign-in or payments which need OAuth/popups.

Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1221127

Specification

https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md
whatwg/html#6364

Tests

https://wpt.fyi/results/html/cross-origin-opener-policy/tentative/restrict-properties

@tapananand tapananand added the focus-area-proposal Focus Area Proposal label Oct 13, 2022
@foolip foolip moved this to Proposed in Interop 2023 Oct 13, 2022
@gsnedders
Copy link
Member

Specification

https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md

Is there a plan to move this to a standards-track document, as otherwise this proposal is going to fail on the basis of "not on the standardisation path"?

@gsnedders
Copy link
Member

ah, see whatwg/html#6364

@smaug----
Copy link

That bug doesn't seem to be strictly about restrict-properties, but having some communication mechanism to solve the issue current coop/coep brings in.

@nairnandu
Copy link
Contributor

Thank you for proposing Cross-Origin Opener Policy: restrict-properties for inclusion in Interop 2023.

We wanted to let you know that this proposal was not selected to be part of Interop this year. The web standard for this technology has not yet reached a point where inclusion in the Interop project makes sense. Resubmitting a proposal for this feature as part of a future round of Interop would be welcome.

For an overview of our process, see the proposal selection summary. Thank you again for contributing to Interop 2023!

Posted on behalf of the Interop team.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
focus-area-proposal Focus Area Proposal
Projects
No open projects
Status: Proposed
Development

No branches or pull requests

4 participants