- From: Andrew Williams <notifications@github.com>
- Date: Wed, 04 Sep 2024 14:02:16 -0700
- To: w3c/FileAPI <FileAPI@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 4 September 2024 21:02:20 UTC
It sounds like Firefox has shipped partitioning blob URL fetches by top-level site [1] and frame origin, and WebKit has shipped partitioning blob URL fetches by top-level origin [2] and frame origin. Also, Safari enforces noopener when blob URLs are window.opened and the blob URL origin is cross-origin from the opening page's top-level origin. Chrome is investigating partitioning blob URL fetches by storage key (top-level site, frame origin, ancestor-chain-bit) and enforcing noopener on window.opened blob URLs when the opening page's top-level site is cross-site to the blob URL site. From a spec perspective, would Firefox and Safari be supportive of updating the Blob URL spec to partition blob URL fetches by storage key and enforce noopener on window.opened blob URLs that are at least cross-site? [1] https://groups.google.com/a/mozilla.org/g/dev-platform/c/1gt1CVIoffc/m/cFloZuPPAAAJ [2] https://github.com/sysrqb/WebKit/commit/7f2ea8fcf41a68add90efab89609218407e1a824 -- Reply to this email directly or view it on GitHub: https://github.com/w3c/FileAPI/issues/153#issuecomment-2330085478 You are receiving this because you are subscribed to this thread. Message ID: <w3c/FileAPI/issues/153/2330085478@github.com>
Received on Wednesday, 4 September 2024 21:02:20 UTC