215407 – Introduce "cross-origin-isolated" permission

Bug 215407 - Introduce "cross-origin-isolated" permission

Summary: Introduce "cross-origin-isolated" permission

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:	218943 218944
	Show dependency tree / graph

Reported:	2020-08-11 22:18 PDT by yhirano
Modified:	2021-08-22 15:36 PDT (History)
CC List:	14 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description yhirano 2020-08-11 22:18:47 PDT

Introduce "cross-origin-isolated" permission to allow a document to
control whether nested documents can access features that require
securer context, even when COOP+COEP are enabled.

https://github.com/whatwg/html/pull/5752
https://github.com/whatwg/html/issues/5435

Comment 1 Radar WebKit Bug Importer 2020-08-12 10:59:27 PDT

<rdar://problem/66919726>

Comment 2 Sanjay Kumar 2021-03-25 09:56:37 PDT

Hello, any comments, updates here ? 

Without support for these headers we really can't do SharedArrayBuffers and Atomics - which means no pthreads either.

Mozilla has taken the lead on this and enabled it last year. Chrome is going to enforce it soon too - though they already allow SharedArrayBuffers on both Android and Desktop.

Apple makes great CPUs (and devices) but you give up that advantage when you disable multithreading. Please support these headers so we can have supercharged multithreaded WASM powered webapps. Thank you.

Comment 3 Yusuke Suzuki 2021-07-30 16:38:32 PDT

@Chris this is also related to SharedArrayBuffer thing.