Re: [w3ctag/design-reviews] COOP same-origin-allow-popups-plus-coep (#649)

I feel a little like we're talking past each other, @torgo. I'll take a stab at it? The claims I read above boil down to:

1.  Cross-origin isolation is essential for building secure websites. Without process isolation, attackers can access data they shouldn't be able to access. https://w3c.github.io/webappsec-post-spectre-webdev/ attempts to spell that out, in addition to the threat model documents @arturjanc provided above and that y'all have looked into before.

2.  Cross-origin isolation is difficult/impossible to deploy for applications that use cross-origin popups in their workflows, as the only mechanism for opting into COI today requires `Cross-Origin-Opener-Policy: same-origin` (which breaks the opener's window handle in both directions). OAuth and payments are excellent examples of things that users see, and expect to see working.

3.  This proposal aims to create a mechanism of opting into cross-origin isolation while allowing popups. We can do that without compromising on process isolation iff we can ensure that the popped-up window can load in a process distinct from its opener. We can do _that_ if we make the behavior modifications the explainer suggests.

TL;DR: This proposal addresses the needs of developers who can't currently opt into cross-origin isolation. By doing so, it protects the users of applications that are currently less secure than we'd hope for them to be.

If the above isn't what you're looking for, perhaps you could point to another review where someone's done a good job describing their feature from a user's perspective in a way you found productive and helpful? :)

-- 
https://github.com/w3ctag/design-reviews/issues/649#issuecomment-880016720

Received on Wednesday, 14 July 2021 16:02:16 UTC