diff --git a/source b/source index c874621f78e..ebe20423c4c 100644 --- a/source +++ b/source @@ -86806,14 +86806,15 @@ dictionary DragEventInit : MouseEventInit {
Other risks from same-origin applications include:
Same-origin requests fetching the document's content — could be mitigated through - Fetch Metadata filtering.
Same-origin framing - could be mitigated through X-Frame-Options
or CSP
frame-ancestors
.
JavaScript accessible cookies - can be mitigated by ensuring all cookies are httponly
.
localStorage access to sensitive data.
Service worker installation.
Cache API manipulation or access to sensitive data.
postMessage
or BroadcastChannel
messaging that
exposes sensitive information.
Autofill which may not require user interaction for same-origin documents.
If activeDocumentCOOPValue is "noopener-allow-popups
" and
- responseCOOPValue is "same-origin-allow-popups
" or "unsafe-none
", then return false.
If activeDocumentCOOPValue is "noopener-allow-popups
", then:
If responseCOOPValue is "unsafe-none
", then return false.
If responseCOOPValue is "same-origin-allow-popups
" and
+ activeDocumentNavigationOrigin is same origin with
+ responseOrigin, then return false.
If all of the following are true:
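Review bot: In the rewritten "noopener-allow-popups" step, the "same-origin-allow-popups" sub-step returns false only when activeDocumentNavigationOrigin is same origin with responseOrigin, and nothing states what happens when the origins differ. The removed wording returned false for that response value regardless of origin, so the new text narrows the cases that return false and lets the cross-origin case fall through to "If all of the following are true:" without comment. Please add a note after the sub-steps stating the intended result for a cross-origin "same-origin-allow-popups" response and the reason for the origin comparison, so implementers do not have to infer the behaviour change from the fall-through.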
@@ -143647,6 +143657,9 @@ INSERT INTERFACES HERE