Allowing cross-origin isolation with Oauth popups. from Arthur Hemery on 2022-05-04 (public-fed-id@w3.org from May 2022)

From: Arthur Hemery <ahemery@google.com>
Date: Wed, 4 May 2022 16:55:43 +0200
To: public-fed-id@w3.org
Cc: Camille Lamy <clamy@google.com>
Message-ID: <CAF07A2UOtQUNC+o1jSwUPBW5eUTSZkmGKgx3gwiRpvPm+Tn==g@mail.gmail.com>

Hi everyone,

In recent years, browsers have gated some Web APIs behind
crossOriginIsolated
<https://developer.mozilla.org/en-US/docs/Web/API/crossOriginIsolated>, see
https://web.dev/coop-coep/ for more details. One of the pain points of
deploying Cross-Origin-Opener-Policy (COOP), which is one of the
requirements, is that it prevents working with third-party Oauth providers
in the form of popups.

We've thought about a possible solution in this github thread:
https://github.com/whatwg/html/issues/6364, which led to this explainer:
https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md

We'd be very interested to know if that solution would be suitable for you!

Cheers,
Arthur H. from the Chrome web platform security team.

Received on Wednesday, 4 May 2022 14:56:57 UTC