Re: [w3ctag/design-reviews] "credentialless" embedder policy. (#582)

> How to secure nested navigation?

This is the big one, and the document proposes two alternatives, but there may well be other, better methods. From Chromium, @camillelamy and @arthursonzogni have volunteered to work through it, and I know they'd appreciate both your opinions, @annevk, as well as the TAG's insight. Ideally folks like @othermaciej could help us find WebKittens interested in the problem space as well, as there are similarities between the result of opting into this proposal, and the default behavior Safari ships.

> What about IP-based authentication and "local" networks?

Private Network Access (née CORS-RFC1918, which y'all are reviewing in #572) seems like the long-term answer. In the short term, the core question is whether this hole in the mechanism is one which blocks us from considering `COOP: same-origin` + `COEP: whatever-this-is-called` cross-origin isolated. Given that @letitz is actively working on that long-term solution, I think it's a hole we can temporarily accept in Chromium, as it's strictly better than our status quo, and will allow us to keep `SharedArrayBuffer` deprecation on track by unblocking a few sites we've talked to that are having issues with `COEP: require-corp` and dependencies.

I'd be quite interested in hearing whether Mozillans (and the TAG!) share that opinion. :)

/cc @othermaciej for all of the above, as I'm still hoping that WebKittens will rejoin this kind of conversation around cross-origin isolation.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/582#issuecomment-768116322

Received on Wednesday, 27 January 2021 08:18:45 UTC
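As an illustration of the difference between `COEP: require-corp` and the proposed credentialless policy that the comment above refers to, here is an added example; it is not code from the thread, from Chromium, or from the specification. It is a small JavaScript model of how an embedder policy gates a cross-origin subresource response: under credentialless a cross-origin `no-cors` request is sent without credentials and its response needs no CORP header, under `require-corp` the CORP header is mandatory, and a CORP header that is present is enforced in either case. The helper names, the request/response object shapes, and the sample third-party dependency are assumptions made for the demonstration.

```javascript
// Added example (not Chromium or spec code): a simplified model of how the
// document's embedder policy (COEP) decides whether a cross-origin
// subresource response is exposed to the document.
// Helper names and the request/response shapes are assumptions for the demo.

const CROSS_ORIGIN_ISOLATING_COEP = new Set(['require-corp', 'credentialless']);

// A top-level document is cross-origin isolated when COOP is `same-origin`
// and COEP is one of the isolating values (header names lower-cased).
function isCrossOriginIsolated(headers) {
  const coop = (headers['cross-origin-opener-policy'] || '').trim();
  const coep = (headers['cross-origin-embedder-policy'] || '').trim();
  return coop === 'same-origin' && CROSS_ORIGIN_ISOLATING_COEP.has(coep);
}

// CORP is enforced whenever the header is present, independent of COEP.
function corpAllows(corp, sameOrigin, sameSite) {
  if (sameOrigin || corp == null || corp === 'cross-origin') return true;
  if (corp === 'same-site') return sameSite;
  return false; // `same-origin` (an unknown value is treated as blocking here)
}

// Decide whether a subresource response is exposed to the document.
// request:  { mode: 'cors' | 'no-cors', sameOrigin, sameSite, credentials }
// response: { corp: CORP header value or null, corsAllowed: CORS check result }
function checkSubresource(coep, request, response) {
  let credentials = request.credentials;

  // credentialless: cross-origin no-cors requests go out without credentials,
  // so the opaque response cannot carry authenticated data into the isolated
  // process, and therefore no CORP header is required from the server.
  if (coep === 'credentialless' && request.mode === 'no-cors' && !request.sameOrigin) {
    credentials = 'omit';
  }

  if (!corpAllows(response.corp, request.sameOrigin, request.sameSite)) {
    return { allowed: false, credentials, reason: 'blocked by CORP' };
  }

  if (request.mode === 'cors') {
    return response.corsAllowed
      ? { allowed: true, credentials, reason: 'CORS granted access' }
      : { allowed: false, credentials, reason: 'CORS check failed' };
  }

  // Cross-origin no-cors response without CORP: this is the case that
  // breaks sites with third-party dependencies under require-corp.
  if (coep === 'require-corp' && !request.sameOrigin && response.corp == null) {
    return { allowed: false, credentials, reason: 'require-corp needs a CORP header' };
  }
  return { allowed: true, credentials, reason: 'opaque response permitted' };
}

// Constructed scenario: a third-party dependency that serves no CORP header.
const thirdPartyScript = { mode: 'no-cors', sameOrigin: false, sameSite: false, credentials: 'include' };
const noCorpResponse = { corp: null, corsAllowed: false };

for (const coep of ['require-corp', 'credentialless']) {
  console.log(coep, checkSubresource(coep, thirdPartyScript, noCorpResponse));
}
```

Running the block shows the dependency blocked under `require-corp` but loaded, with credentials stripped, under `credentialless`; the same dependency answering with `Cross-Origin-Resource-Policy: same-origin` is blocked under both, since CORP itself is unchanged by the proposal.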