Bug 215407

Summary: Introduce "cross-origin-isolated" permission
Product: WebKit Reporter: yhirano
Component: Page LoadingAssignee: Chris Dumez <cdumez>
Status: NEW ---    
Severity: Normal CC: achristensen, anthony.bowker, beidson, cdumez, chi187, ggaren, hypertree, lolwebkitbugtracker, tibor.klajnscek, tomac, webkit-bug-importer, wilander, youennf, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 218943, 218944    

Description yhirano 2020-08-11 22:18:47 PDT 
Introduce "cross-origin-isolated" permission to allow a document to
control whether nested documents can access features that require
securer context, even when COOP+COEP are enabled.

https://github.com/whatwg/html/pull/5752
https://github.com/whatwg/html/issues/5435
Comment 1 Radar WebKit Bug Importer 2020-08-12 10:59:27 PDT 
<rdar://problem/66919726>
Comment 2 Sanjay Kumar 2021-03-25 09:56:37 PDT 
Hello, any comments, updates here ? 

Without support for these headers we really can't do SharedArrayBuffers and Atomics - which means no pthreads either.

Mozilla has taken the lead on this and enabled it last year. Chrome is going to enforce it soon too - though they already allow SharedArrayBuffers on both Android and Desktop.

Apple makes great CPUs (and devices) but you give up that advantage when you disable multithreading. Please support these headers so we can have supercharged multithreaded WASM powered webapps. Thank you.
Comment 3 Yusuke Suzuki 2021-07-30 16:38:32 PDT 
@Chris this is also related to SharedArrayBuffer thing.