[w3ctag/design-reviews] COOP same-origin-allow-popups-plus-coep (#649) from camillelamy on 2021-06-18 (public-webapps-github@w3.org from June 2021)

From: camillelamy <notifications@github.com>
Date: Fri, 18 Jun 2021 02:55:48 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/649@github.com>

Ya ya yawm TAG!

I'm requesting a TAG review of COOP same-origin-allow-popups-plus-coep.

To make crossOriginIsolation easier to deploy on sites with OAuth/payment flows relying on popups, we would like Cross-Origin-Opener-Policy: same-origin-allow-popups to also enable crossOriginIsolation when served with an appropriate Cross-Origin-Embedder-Policy header. This would introduce a new COOP mode, with a few restrictions compared to regular COOP same-origin-allow-popups. However, this mode would be crossOriginIsolated, while still having access to any popup it opens through window.postMessage.

  - Explainer¹ (minimally containing user needs and example code): [explainer](https://github.com/camillelamy/explainers/blob/master/coi-with-popups.md)
  - Security and Privacy self-review²: [self-review](https://github.com/camillelamy/explainers/blob/master/coi-with-popups-sp-questionaire.md)
  - GitHub repo (if you prefer feedback filed there): [repo](https://github.com/camillelamy/explainers)
  - Primary contacts (and their relationship to the specification):
      - [Camille Lamy] ([camillelamy]), [Google]
  - Organization/project driving the design: [Google]
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): [Chrome Status](https://chromestatus.com/feature/5731309970259968)
 

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://w3ctag.github.io/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): WHATWG
  - The group where standardization of this work is intended to be done ("unknown" if not known): WHATWG
  - Existing major pieces of multi-stakeholder review or discussion of this design:
  - Major unresolved issues with or opposition to this design:
  - This work is being funded by: Google


We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/649

Received on Friday, 18 June 2021 09:56:26 UTC