diff --git a/source b/source index 5d8fe00f9d8..da0cebde4f8 100644 --- a/source +++ b/source @@ -4037,6 +4037,23 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
The following feature is defined in Reporting API:
+ +The Document
has a cross-origin opener policy, which is a cross-origin
- opener policy, initially "unsafe-none
".
DocumentOrShadowRoot
interfaceLet coop be "unsafe-none
".
Let coop be a new cross-origin opener policy.
If creator is non-null and creator's origin is same origin with creator's relevant settings object's @@ -77338,10 +77355,10 @@ console.assert(iframeWindow.frameElement === null);
If current's top-level browsing context's active
- document's cross-origin opener policy is
- "same-origin
" or "same-origin-plus-COEP
",
- then:
If current's top-level browsing context's active
+ document's cross-origin opener policy's
+ value is "same-origin
" or
+ "same-origin-plus-COEP
", then:
Let currentDocument be current's active
@@ -79796,10 +79813,30 @@ interface BarProp {
A cross-origin opener policy allows a document which is navigated to in a
top-level browsing context to force the creation of a new top-level browsing
- context and its group. It has one of the following
- values:Cross-origin opener policies
+ Cross-origin opener policy
+
A cross-origin opener policy value
+ (value), initially "unsafe-none
".
A string or null
(reporting
+ endpoint), initially null
.
A cross-origin opener policy value
+ (report only value), initially "unsafe-none
".
A string or null
(report only reporting endpoint), initially null
.
The cross-origin opener policy value consists of the following:
unsafe-none
"Let policy be a new cross-origin opener policy.
Let securityState be the result of executing Is environment settings object a secure context? on environment.
If securityState is "Not Secure
", then return "unsafe-none
".
If securityState is "Not Secure
", then return
+ policy.
Let parsedValue be the result of getting a structured header
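Review bot: The early exit "If securityState is "Not Secure", then return policy" now sits ahead of every header read, so on a non-secure response the struct keeps its defaults (both values "unsafe-none", both endpoints null) and a Cross-Origin-Opener-Policy-Report-Only header is dropped without any report being queued. If that is intended, add a note next to this step saying so; a site trialling report-only mode over plain HTTP will otherwise see no reports and no explanation. Separately, the item name "report only reporting endpoint" is hard to read next to "report only value"; hyphenating "report-only" in both item names would help.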
@@ -79850,33 +79889,96 @@ interface BarProp {
data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy` and type
"item
".
If parsedValue is failure
or null
, then return "unsafe-none
".
If parsedValue is not failure
and is not null
, then:
If parsedValue bare item is not "same-origin
" or "same-origin-allow-popups
", then return "unsafe-none
".
If parsedValue bare item is "same-origin
", then:
If parsedValue bare item is "same-origin
", then:
Let coep be the result of obtaining a cross-origin embedder + policy from response.
If coep's value is
+ "require-corp
", then set policy value to "same-origin-plus-COEP
".
Else, set policy value to "same-origin
".
If parsedValue bare item is "same-origin-allow-popups
",
+ then set policy value to "same-origin-allow-popups
".
If parsedValue's parameters["report-to"] exists and it is a string, then set reporting endpoint to + parsedValue's parameters["report-to"].
Let parsedReportOnlyValue be the result of getting a structured header
+ from response's header list given
+ name `Cross-Origin-Opener-Policy-Report-Only
`
+ and type "item
".
If parsedReportOnlyValue is not failure
and is not null
, then:
Let coep be the result of obtaining a cross-origin embedder - policy from response.
If parsedReportOnlyValue bare item is "same-origin
", then:
If coep is "require-corp
", then return "same-origin-plus-COEP
".
Let coep be the result of obtaining a cross-origin embedder + policy from response.
If coep's value is
+ "require-corp
" or coep's report only value is "require-corp
", then set policy report only value to "same-origin-plus-COEP
".
Report only COOP also considers report only COEP to assign the special "same-origin-plus-coep
" value. This allows developers more freedom in the
+ order of deployment of COOP and COEP.
Else, set policy report only
+ value to "same-origin
".
If parsedReportOnlyValue bare item is "same-origin-allow-popups
", then set policy report only value to "same-origin-allow-popups
".
If parsedReportOnlyValue's parameters["report-to"] exists and it is a string, then set report only reporting endpoint to + parsedReportOnlyValue's parameters["report-to"].
Return parsedValue bare item.
Return policy.
To match cross-origin opener policies, given a - cross-origin opener policy A, an origin originA, a - cross-origin opener policy B, and an origin - originB:
+To match cross-origin opener policies, given a cross-origin opener policy value A, an + origin originA, a >cross-origin opener + policy value B, and an origin originB:
If A is " Return false.unsafe-none
" and B is "BarProp {
To check if a navigation requires + a browsing context group switch, given a boolean isInitialEmptyDocument, a + sandboxing flag set sandboxFlags, two origins + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and two cross-origin opener policy values + navigationCOOPValue, incumbentCOOPValue:
+ +If the result of matching
+ incumbentCOOPValue, incumbentNavigationOrigin,
+ navigationCOOPValue and activeDocumentNavigationOrigin is true, return
+ false
.
If all of the following are true:
+ +isInitialEmptyDocument.
incumbentCOOPValue's value is "same-origin-allow-popups
".
navigationCOOPValue is "unsafe-none
".
then return false
.
Return true
.
To check if enforcing report only + COOP policies would require a browsing context group switch when navigating away from a COOP + page, given a boolean isInitialEmptyDocument, a sandboxing flag set + sandboxFlags, two origins + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and three cross-origin opener policy values + navigationCOOPValue, navigationCOOPReportOnlyValue, + incumbentCOOPReportOnlyValue:
+ +Let browsingContextGroupSwitchNeeded be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPValue and + incumbentCOOPReportOnlyValue.
If browsingContextGroupSwitchNeeded is false
, return
+ false
.
Let browsingContextGroupSwitchNeededReportOnly be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPReportOnlyValue and + incumbentCOOPReportOnlyValue.
+ +Matching report only policies allows a website to specify the same report only + Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations + between these pages.
+If browsingContextGroupSwitchNeededReportOnly is false
,
+ return false
.
Return true
.
To check if enforcing report only + COOP policies would require a browsing context group switch when navigating to a COOP + page, given a boolean isInitialEmptyDocument, a sandboxing flag set + sandboxFlags, two origins + activeDocumentNavigationOrigin, incumbentNavigationOrigin, and three cross-origin opener policy values + navigationCOOPReportOnlyValue, incumbentCOOPValue, + incumbentCOOPReportOnlyValue:
+ +Let browsingContextGroupSwitchNeeded be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPReportOnlyValue and + incumbentCOOPValue.
If browsingContextGroupSwitchNeeded is false
, return
+ false
.
Let browsingContextGroupSwitchNeededReportOnly be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOPReportOnlyValue and + incumbentCOOPReportOnlyValue.
+ +Matching report only policies allows a website to specify the same report only + Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations + between these pages.
+If browsingContextGroupSwitchNeededReportOnly is false
,
+ return false
.
Return true
.
To obtain a browsing context to use for a - navigation response, given a response - response, a browsing context + navigation response, given a request + request, a response response, two + browsing contexts source and browsingContext, a sandboxing flag set sandboxFlags, two origins activeDocumentNavigationOrigin, incumbentNavigationOrigin, and a cross-origin opener policy @@ -79904,35 +80118,130 @@ interface BarProp { cross-origin opener policy of currentBrowsingContext's active document.
If the result of matching - incumbentCOOP, incumbentNavigationOrigin, - navigationCOOP and activeDocumentNavigationOrigin is true, return - browsingContext.
Let isInitialEmptyDocument be false
. If
+ currentBrowsingContext's only entry in its session history is the
+ about:blank
Document
that was added when browsingContext was
+ created, set
+ isInitialEmptyDocument to true
.
If all of the following are true:
+If navigationCOOP's report only
+ reporting endpoint is not null
, then:
currentBrowsingContext's only entry in its session history is
- the about:blank
Document
that was added when
- browsingContext was created.
Let browsingContexGroupSwitchNeededReportOnly be the result of checking if enforcing report only COOP + policies would require a browsing context group switch when navigating to a COOP page, + given isInitialEmptyDocument, sandboxFlags, + activeDocumentNavigationOrigin, incumbentNavigationOrigin, + navigationCOOP's report only + value, incumbentCOOP's value, and + incumbentCOOP's report only + value.
If browsingContexGroupSwitchNeededReportOnly is true
+ and browsingContext's browsing context group's browsing context
+ set's size is strictly greater than 1
, queue a violation report for
+ browsing context group switch when navigating to a COOP page with
+ navigationCOOP's report only
+ reporting endpoint, navigationCOOP's report only value, "reporting
", response's URL, browsingContext's active
+ document's URL, and request's referrer.
activeDocumentCOOP is "same-origin-allow-popups
".
If incumbentCOOP's report only
+ reporting endpoint is not null
, then:
navigationCOOP is "unsafe-none
".
Let initialNavigationURL be a new empty URL.
If source and browsingContext are the same, set + initialNavigationURL to request's URL.
Let browsingContexGroupSwitchNeededReportOnly be the result of checking if enforcing report only + COOP policies would require a browsing context group switch when navigating away from a COOP + page, given isInitialEmptyDocument, sandboxFlags, + activeDocumentNavigationOrigin, incumbentNavigationOrigin, + navigationCOOP's value, + navigationCOOP's report only + value, and incumbentCOOP's report only value.
If browsingContexGroupSwitchNeededReportOnly is true
+ and browsingContext's browsing context group's browsing context
+ set's size is strictly greater than 1
, Queue a violation report for
+ browsing context group switch when navigating away from a COOP page with
+ incumbentCOOP's report only
+ reporting endpoint, incumbentCOOP's report only value, "reporting
", response's URL, browsingContext's active
+ document's URL, and initialNavigationURL.
Let browsingContextGroupSwitchNeeded be the result of checking if the navigation requires a + browsing context group switch given isInitialEmptyDocument, + sandboxFlags, activeDocumentNavigationOrigin, + incumbentNavigationOrigin, navigationCOOP's value, and incumbentCOOP's + value.
If browsingContextGroupSwitchNeeded is false, return + browsingContext.
then return browsingContext.
+If navigationCOOP's reporting
+ endpoint is not null
, and browsingContext's
+ browsing context group's browsing context set's size is strictly greater than 1
, queue a violation report for browsing context group switch
+ when navigating to a COOP page with navigationCOOP's reporting endpoint, navigationCOOP's value, "enforce
", response's
+ URL, browsingContext's active
+ document's URL, and request's referrer.
If incumbentCOOP's reporting
+ endpoint is not null
, and browsingContext's
+ browsing context group's browsing context set's
+ size is strictly greater than 1
,
+ then:
Let initialNavigationURL be a new empty URL.
If source and browsingContext are the same, set + initialNavigationURL to request's URL.
Queue a violation report for browsing context
+ group switch when navigating away from a COOP page with incumbentCOOP's reporting endpoint, incumbentCOOP's
+ value, "enforce
",
+ response's URL,
+ browsingContext's active document's URL, and
+ initialNavigationURL.
Let newBrowsingContextGroup be the result of creating a new browsing context group.
If navigationCOOP is "same-origin-plus-COEP
", then set
- newBrowsingContextGroup cross-origin
- isolated to true.
If navigationCOOP's value is "same-origin-plus-COEP
", then set newBrowsingContextGroup cross-origin isolated to true.
Let newBrowsingContext be the result of creating a new browsingContext in newBrowsingContextGroup.
If sandboxFlags is not empty, then:
Assert navigationCOOP is "unsafe-none
".
Assert navigationCOOP's value is
+ "unsafe-none
".
Set newBrowsingContext's sandboxing flag set to sandboxFlags.
To queue a violation report for browsing context group + switch when navigating to a COOP page given a string endpoint, a cross-origin opener policy value + COOPValue, a string disposition, a URL + navigationURL, a URL currentDocumentURL, and a + referrer referrer:
+ +
Let previousDocumentURL be referrer.
If currentDocumentURL and navigationURL are + same origin, set previousDocumentURL to + currentDocumentURL.
Set previousDocumentURL's username
+ to the empty string, and its password to null
.
Let serializedPreviousDocumentURL be the result of executing the URL serializer on previousDocumentURL with the + exclude fragment flag set.
Let body be a new object containing the following properties with keys:
+ +key: "disposition
", value: disposition.
key: "effective-policy
", value: COOPValue.
key: "navigation-uri
", value:
+ serializedPreviousDocumentURL.
key: "violation-type
", value: "navigate-to-document
".
Queue body as "coop
"
+ for endpoint with navigationURL.
To queue a violation report for browsing context group + switch when navigating away from a COOP page given a string endpoint, a + cross-origin opener policy value COOPValue, a string + disposition, a URL navigationURL, a URL + currentDocumentURL, and a URL initialNavigationURL:
+ +
Let nextDocumentURL be initialNavigationURL.
If currentDocumentURL and navigationURL are + same origin, set nextDocumentURL to + navigationURL.
Set nextDocumentURL's username to
+ the empty string, and its password to null
.
Let serializedNextDocumentURL be the result of executing the URL serializer on nextDocumentURL with the + exclude fragment flag set.
Let body be a new object containing the following properties with keys:
+ +key: "disposition
", value: disposition.
key: "effective-policy
", value: COOPValue.
key: "navigation-uri
", value:
+ serializedNextDocumentURL.
key: "violation-type
", value: "navigate-from-document
".
Queue body as "coop
"
+ for endpoint with currentDocumentURL.
text/vtt
"multipart/x-mixed-replace
"Let browsingContextSwitch be false.
When an HTML document is to be loaded in a browsing - context, provided browsingContext, request, response, - sandboxFlags, incumbentNavigationOrigin, and + context, provided source, browsingContext, request, + response, sandboxFlags, incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user agent must queue a task on the networking task source to:
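Review bot: In "queue a violation report for browsing context group switch when navigating to a COOP page", the step "Let previousDocumentURL be referrer" assumes a URL, but the caller passes request's referrer, which per Fetch can also be "no-referrer" or "client"; the following steps then set a username and password on it and run the URL serializer. Add a branch for the non-URL case before the credential-stripping step so the "navigation-uri" value is well defined. Two smaller points in the same hunk: the variable is spelled browsingContexGroupSwitchNeededReportOnly (missing "t") in both report-only branches while the enforcing branch uses browsingContextGroupSwitchNeeded, and one report-only step reads ", Queue a violation report" with a capital Q mid-sentence.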
@@ -82617,8 +83011,9 @@ new PaymentRequest(…); // Allowed to useLet document be the result of creating and initializing a Document
object providing "html
", "text/html
",
- request, response, browsingContext, sandboxFlags,
- incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Create an HTML parser and associate it with the document. Each @@ -82651,16 +83046,17 @@ new PaymentRequest(…); // Allowed to use
When faced with displaying an XML file inline, provided browsingContext, - request, response, sandboxFlags, +
When faced with displaying an XML file inline, provided source,
+ browsingContext, request, response, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin, user agents
must follow the requirements defined in XML and Namespaces in XML,
XML Media Types, DOM, and other relevant specifications to create and initialize a Document
object
providing "xml
", type, request, response,
- browsingContext, sandboxFlags, incumbentNavigationOrigin, and
- activeDocumentNavigationOrigin. It must also create and a corresponding XML
- parser.
At the time of writing, the XML specification community had not actually yet specified how XML and the DOM interact.
@@ -82705,15 +83101,16 @@ new PaymentRequest(…); // Allowed to useWhen a plain text document is to be loaded in a browsing context, provided - browsingContext, request, response, sandboxFlags, - incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user - agent must queue a task on the networking task source to: + source, browsingContext, request, response, + sandboxFlags, incumbentNavigationOrigin, and + activeDocumentNavigationOrigin, the user agent must queue a task on the + networking task source to:
Let document be the result of creating and initialize a Document
object
providing "html
", type, request,
- response, browsingContext, sandboxFlags,
+ response, source, browsingContext, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Create an HTML parser and associate it with the document. Act as @@ -82782,7 +83179,7 @@ new PaymentRequest(…); // Allowed to use
When an image, video, or audio resource is to be loaded in a browsing context, - provided browsingContext, request, response, + provided source, browsingContext, request, response, sandboxFlags, incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user agent should: @@ -82790,7 +83187,7 @@ new PaymentRequest(…); // Allowed to use
Let document be the result of creating and initialize a Document
object
providing "html
", type, request,
- response, browsingContext, sandboxFlags,
+ response, source, browsingContext, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Append an html
element to document.
When a resource that requires an external resource to be rendered is to be loaded in a - browsing context, provided browsingContext, request, - response, sandboxFlags, incumbentNavigationOrigin, and - activeDocumentNavigationOrigin, the user agent should: + browsing context, provided source, browsingContext, + request, response, sandboxFlags, + incumbentNavigationOrigin, and activeDocumentNavigationOrigin, the user + agent should:
Let document be the result of creating and initialize a Document
object
providing "html
", type, request,
- response, browsingContext, sandboxFlags,
+ response, source, browsingContext, sandboxFlags,
incumbentNavigationOrigin, and activeDocumentNavigationOrigin.
Mark document as being a plugin document
When the user agent is to display a user agent page inline in a browsing context,
the user agent should create and initialize a
Document
object providing "html
", "text/html
", null, null, browsingContext, an empty set, null, and null,
- and then either associate that Document
with a custom rendering that is not rendered
- using the normal Document
rendering rules, or mutate that Document
until
- it represents the content the user agent wants to render.
Document
with a custom rendering that is not
+ rendered using the normal Document
rendering rules, or mutate that
+ Document
until it represents the content the user agent wants to render.
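Review bot: The "display a user agent page inline" call still provides "html", "text/html", null, null, browsingContext, an empty set, null, and null, with no argument in the new source position, while the other create-and-initialize call sites touched by this patch now pass "response, source, browsingContext, sandboxFlags". The +/- lines here only rewrap the sentence after the argument list. Add an explicit value for source (null, if that is what is meant) so the positional arguments line up with the updated parameter list.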
@@ -116034,7 +116432,8 @@ interface External {
Valid Cross-Origin-Opener-Policy
values include "unsafe-none
", "same-origin-allow-popups
" and "same-origin
".
In order to support forward-compatibility with as-yet-unknown request types, user agents MUST ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if @@ -116059,6 +116458,48 @@ interface External { +
Cross-Origin-Opener-Policy-Report-Only
`This section describes a header for registration in the Permanent Message Header Field + Registry.
+ +The Cross-Origin-Opener-Policy-Report-Only
+ HTTP response header field allows a server to declare an opener policy for a given document. It is
+ a Structured Header whose value MUST be a token. Its ABNF is:
Cross-Origin-Opener-Policy-Report-Only = sh-item
Valid Cross-Origin-Opener-Policy-Report-Only
values include "unsafe-none
", "same-origin-allow-popups
" and "same-origin
". These values may have a parameter specifying a string which
+ represents the endpoint for violation reporting.
In order to support forward-compatibility with as-yet-unknown request types, user agents MUST
+ ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if
+ the value cannot be parsed as a sh-token
.
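Review bot: The new Cross-Origin-Opener-Policy-Report-Only registration text says the header "allows a server to declare an opener policy for a given document", which is the enforcing header's wording; it should say the policy is evaluated for violation reporting rather than enforced. The section also says the value "MUST be a token" and that values "may have a parameter specifying a string" without naming it, while the parsing steps read parameters["report-to"]; name the report-to parameter and its string type here. The last paragraph mixes sh-item (in the ABNF) with sh-token, and "as-yet-unknown request types" looks carried over from another header's text.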
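Review bot: In the hunk that rewrites the COOP parsing and matching steps (@@ -79850,33 +79889,96 @@), the new "check if a navigation requires a browsing context group switch" algorithm declares incumbentCOOPValue as a cross-origin opener policy value but then tests "incumbentCOOPValue's value is "same-origin-allow-popups"", whereas the next condition reads "navigationCOOPValue is "unsafe-none""; drop "'s value" so both conditions compare the value directly. The same algorithm takes sandboxFlags but no visible step uses it, so either remove the parameter or state what it is for. The note on report-only COEP spells the value "same-origin-plus-coep" while the steps set "same-origin-plus-COEP", and the "match cross-origin opener policies" signature has a stray ">" before "cross-origin opener policy value B".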