- From: Arthur Sonzogni <notifications@github.com>
- Date: Tue, 11 May 2021 09:02:16 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/1592/838741939@github.com>
Yes, "coep_safe" might work too.

To clarify what you meant, what would give those cases?
_(I am assuming here that coep_safe: "original client embedder's policy != none")_

| Case \ params | request, no-cors, cross-origin | response | original client | second client | coep_safe (?) | result (?) |
| -- | -- | -- | -- | -- | -- | -- |
| 1 | credentials=include | | COEP:none | COEP:credentialless | false | error |
| 2 | credentials=include | **CORP:cross-origin** | **COEP:require-corp** | COEP:credentialless | true | allow |
| 3 | credentials=include | **CORP:cross-origin** | COEP:none | COEP:credentialless | false | error |
| 4 | **credentials=omit** | | COEP:none | COEP:credentialless | false | error |
| 5 | credentials=include | **CORP:cross-origin** | COEP:none | **COEP:require-corp** | false | error |

(1) & (2) are just the base cases with `COEP:none` and `COEP:require-corp`. So far so good. This sounds right.

(3) is stricter than my "less strict version" in https://github.com/w3c/ServiceWorker/issues/1592#issuecomment-838507694

(4) is stricter than both propositions from https://github.com/w3c/ServiceWorker/issues/1592#issuecomment-838507694

(5) contradicts today's behavior. Maybe you didn't mean this to apply to COEP:require-corp client instead?

> and it would be more consistent with how we treat the policies as interchangeable elsewhere (e.g., nested documents).

That would be a nice thing to keep, if we can indeed!

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1592#issuecomment-838741939
Received on Tuesday, 11 May 2021 16:02:29 UTC