Re: [whatwg/fetch] From-Origin (#687)

On Fri, Apr 6, 2018 at 7:00 PM, arturjanc <notifications@github.com> wrote:

> John, I'm not sure I follow the frame-focused reasoning in your proposal;
> IIUC under this logic evil.com could not have any frames but still load
> victim.com/secret.txt as an <img> or another subresource type, which
> would then allow it to exfiltrate its contents. Or am I misunderstanding
> the approach?
>
I assume that victim.com/secret.txt would be served with a response
header like "From-Origin: https://victim.com" and therefore the browser
would prevent this resource from being loaded into the renderer process
hosting evil.com (i.e. the browser would stop the load unless it can
guarantee that the target renderer only hosts data from the
https://victim.com origin).

> Wouldn't the real solution from Spectre-like exfiltration be to have
> something like https://www.chromium.org/developers/design-documents/
> oop-iframes?
>
Different browsers can approach the "can guarantee that the target renderer
only hosts data from the https://victim.com origin" problem in different
ways. The current plan of action for Chromium is to use out-of-process
iframes, but even without oop-iframes a browser can track which
origins/sites are hosted in a renderer process and block resource loads /
frame embedding as needed (possibly in a way that breaks legacy users of
resources marked this way - this is why mechanisms like "From-Origin: ..."
or "X-Frame-Options: SAMEORIGIN" are needed as an opt-in mechanism).




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/687#issuecomment-379427632

Received on Saturday, 7 April 2018 03:05:08 UTC
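As an added illustration of the process-tracking check described in the reply above (example code, not from the thread or from any browser): a toy policy that records which origins a renderer process hosts and refuses to commit a From-Origin-marked response unless every origin in that process is on the allow list. The From-Origin value syntax (a space-separated list of serialized origins), the `Renderer` type and the `may_load` / `may_frame` names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set
from urllib.parse import urlsplit


def origin_of(url: str) -> str:
    """Serialize the scheme://host[:port] origin of a URL or of a bare origin."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}"


@dataclass
class Renderer:
    """A renderer process and the set of origins whose data it currently hosts
    (assumed bookkeeping; real browsers track this per site or per origin)."""
    origins: Set[str] = field(default_factory=set)


def permitted_origins(headers: Dict[str, str]) -> Optional[Set[str]]:
    """Origins allowed by From-Origin, or None when the resource is unmarked.
    Assumed syntax: a space-separated list of serialized origins."""
    value = headers.get("From-Origin")
    if value is None:
        return None
    return {origin_of(v) for v in value.split()}


def may_load(renderer: Renderer, resource_url: str, headers: Dict[str, str]) -> bool:
    """Decide whether a response may be committed into this renderer process."""
    allowed = permitted_origins(headers)
    if allowed is None:
        return True  # legacy resource with no opt-in: the load proceeds as today
    # Safe only if every origin sharing the process is on the allow list; a
    # process that also hosts evil.com therefore never receives the bytes.
    return renderer.origins <= allowed


def may_frame(renderer: Renderer, frame_url: str, headers: Dict[str, str]) -> bool:
    """Frame embedding: X-Frame-Options: SAMEORIGIN evaluated against the origins
    already in the embedding process (simplified; the real check also looks at
    the top-level document), otherwise the same rule as a subresource load."""
    if headers.get("X-Frame-Options", "").upper() == "SAMEORIGIN":
        return renderer.origins <= {origin_of(frame_url)}
    return may_load(renderer, frame_url, headers)
```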