Re: [whatwg/fetch] From-Origin (#687)

Here's my take from a Spectre protection standpoint.

In browsers that do support process-per-origin or process-per-frame, (1) and (2) work best. (3) requires websites to actively prevent their origin's documents from being loaded in other origins' iframes.

In browsers that don't support PPO/PPF, all these options are okay if we're aiming for the opt-in from websites depending on what changes websites can make to protect themselves. For (2) and (3), websites can prevent any of their pages from being loaded inside an untrusted document's iframe with CSP or `X-Frame-Options`.

(4) works best because if there were any document of an untrusted origin in the same process as the opted-in frame, all bets are off against a Spectre attack. However, (4) is only half the solution. We also need to prevent new documents of an untrusted origin from being loaded e.g. by navigating existing iframes or inserting new frames.

I don't think we want to have that kind of side-effect in the document to which these resources are loaded.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/687#issuecomment-380906715

Received on Thursday, 12 April 2018 18:47:15 UTC
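The reply above says a site can keep its pages out of an untrusted document's iframe with CSP or `X-Frame-Options`. The following is an added illustration, not code from the thread or from the whatwg/fetch project: a small evaluator, written for this note, that takes the response headers a page was served with and decides whether a given embedder origin is allowed to frame it. It implements a simplified form of the CSP3 `frame-ancestors` source-expression matching (`'none'`, `'self'`, `*`, scheme-source, host-source with optional `*.` wildcard and port) and the `DENY`/`SAMEORIGIN` values of `X-Frame-Options`, with `frame-ancestors` taking precedence when both are present. The function names (`origin`, `frame_ancestors_sources`, `source_matches`, `may_be_framed`) and the sample headers and hostnames are constructed for this example.

```python
"""Decide whether an embedder origin may frame a page, from the page's response headers.

Simplified CSP3 frame-ancestors matching plus X-Frame-Options DENY/SAMEORIGIN.
Browsers apply the check to every ancestor in the frame tree; call this once per ancestor.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def frame_ancestors_sources(csp_header):
    """Source expressions of the frame-ancestors directive, or None if the directive is absent."""
    for directive in csp_header.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def source_matches(source, embedder, page):
    """Does one frame-ancestors source expression admit the embedder origin? (simplified CSP3 rules)"""
    e_scheme, e_host, e_port = embedder
    p_scheme, _, _ = page
    s = source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return embedder == page
    if s == "*":
        return True
    if s.endswith(":") and "/" not in s:          # scheme-source such as "https:"
        return e_scheme == s[:-1]
    # host-source: [scheme://]host[:port]
    if "://" in s:
        scheme, rest = s.split("://", 1)
        if e_scheme != scheme:
            return False
    else:
        rest = s
        # With no scheme in the source, the embedder must use the page's scheme (or https).
        if e_scheme not in (p_scheme, "https"):
            return False
    host, _, port = rest.partition(":")
    if host.startswith("*."):
        if not e_host.endswith(host[1:]):         # "*.example.com" admits "a.example.com"
            return False
    elif e_host != host:
        return False
    if port and port != "*":
        return int(port) == e_port
    # No port in the source: the embedder must be on its scheme's default port.
    return e_port == DEFAULT_PORTS.get(e_scheme)


def may_be_framed(page_url, embedder_url, headers):
    """True if the document at page_url, served with `headers`, may be embedded by embedder_url.

    A frame-ancestors directive, when present, overrides X-Frame-Options (as CSP requires).
    """
    page, embedder = origin(page_url), origin(embedder_url)
    lower = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors_sources(lower.get("content-security-policy", ""))
    if sources is not None:
        return any(source_matches(s, embedder, page) for s in sources)
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == page
    # No framing policy, or an unrecognised value (e.g. the obsolete ALLOW-FROM): anyone may frame.
    return True


# Constructed sample: a page that allows itself and one partner's subdomains to frame it,
# with X-Frame-Options kept as a fallback for agents that do not understand frame-ancestors.
HARDENED_HEADERS = {
    "Content-Security-Policy": "frame-ancestors 'self' https://*.partner.example",
    "X-Frame-Options": "SAMEORIGIN",
}
PAGE = "https://app.example/page"

if __name__ == "__main__":
    for embedder in ("https://app.example/", "https://widgets.partner.example/", "https://evil.example/"):
        print(embedder, "->", "allowed" if may_be_framed(PAGE, embedder, HARDENED_HEADERS) else "blocked")
```

`may_be_framed` answers for one ancestor at a time; to mirror the browser, evaluate it for every document between the page and the top-level browsing context and block if any ancestor fails.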