Pass a top-level navigation initiator origin to Fetch #10991
Conversation
To un-logjam the cookie layering work, I've started whatwg/fetch#1807. That depends on this info to be piped into Fetch so we can actually specify in WHATWG what SameSite=Strict means. This patch plumbs that through on top-level navigatable fetches. This doesn't build because it relies upon the corresponding patch in Fetch. Let me know to land these.
| initiator origin</span> to <var>entry</var>'s <span data-x="she-document-state">document | ||
| state</span>'s <span data-x="document-state-initiator-origin">initiator origin</span> | ||
| </p> | ||
| </li> |
There was a problem hiding this comment.
Please have a look at the formatting guidelines. This isn't quite it.
There was a problem hiding this comment.
I'll take a crack at this while reading the style guide.
Looking into this, I think the only interesting case here is where OPENER is cross-origin to POPUP, because it is exactly this case where you have a non-ancestor initiator. This isn't possible to do because targeting is blocked by the cross-origin-ness of the opened window. We could test where OPENER and POPUP are same-origin, but that just feels like the existing iframe tests with extra steps. Let me know if you see anything worth testing here, but I don't see it. |
bvandersloot-mozilla
force-pushed
the
io
branch
from
adbfce6 to
69959dd
Compare
To un-logjam the cookie layering work, I've started whatwg/fetch#1807. That depends on this info to be piped into Fetch so we can actually specify in WHATWG what SameSite=Strict means.
This patch plumbs that through on top-level navigatable fetches.
This doesn't build because it relies upon the corresponding patch in Fetch. Let me know to land these.
(See WHATWG Working Mode: Changes for more details.)
/browsing-the-web.html ( diff )
/infrastructure.html ( diff )