diff --git a/source b/source index fcb9dde398e..59f31fb6b3b 100644 --- a/source +++ b/source @@ -8088,15 +8088,6 @@ interface DOMStringList {
  • Let agentCluster be the surrounding agent's agent cluster.

  • -
  • -

    If agentCluster's cross-origin isolated is false, then throw a - "DataCloneError" DOMException.

    - -

    This check is only needed when serializing (and not when deserializing) as - cross-origin isolated cannot change over time and a - SharedArrayBuffer cannot leave an agent cluster.

    -
  • -
  • If forStorage is true, then throw a "DataCloneError" DOMException.
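Review bot: The removed step "If agentCluster's cross-origin isolated is false, then throw a "DataCloneError" DOMException" was the isolation gate in this serializing step list, and after this hunk the SharedArrayBuffer branch checks only forStorage. The replacement check is keyed on targetRealm at deserialization, so the error no longer surfaces in the realm that attempted the serialization. If that is intended, say so in the commit message and leave a note here pointing at the deserialization step; otherwise keep a serializing-side check against the capability.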

  • @@ -8513,6 +8504,18 @@ o.myself = o; serialized.[[AgentCluster]], then then throw a "DataCloneError" DOMException.

    +
  • If targetRealm's cross-origin isolated capability is false, then throw + "DataCloneError" DOMException.

    + +

    This check is only needed when deserializing (and not when serializing) as + + cross-origin isolated capability cannot change over time and a + SharedArrayBuffer cannot leave an agent + cluster.

    +
  • +
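Review bot: The added step reads "then throw + "DataCloneError" DOMException" and is missing the article; it should be "then throw a "DataCloneError" DOMException", like the step above it. The accompanying note is the removed serializing-side note with "serializing" and "deserializing" swapped, and its stated reasons (the capability cannot change over time, a SharedArrayBuffer cannot leave an agent cluster) applied equally to the old placement, so they do not explain the move. If the reason is that the check now depends on targetRealm's capability rather than on a cluster-wide value, say that in the note.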
  • Otherwise, set value to a new SharedArrayBuffer object in targetRealm whose [[ArrayBufferData]] internal slot value is serialized.[[ArrayBufferData]] and whose [[ArrayBufferByteLength]] internal slot @@ -77984,8 +77987,43 @@ console.assert(iframeWindow.frameElement === null); keys to agent clusters). User agents are responsible for collecting agent clusters when it is deemed that nothing can access them anymore.

    -

    A browsing context group has a cross-origin isolated boolean. It is initially false.

    +

    A browsing context group has a cross-origin-isolation variable of type + cross-origin-isolation. Initially set to"isolation-none"

    + +

    A cross-origin-isolation type can take 3 possible values:

    + + +
    +

    + isolation-logical and + isolation-concrete are similar. They are both used + for browsing context group, where: +

    + +

    + On some platforms, it is difficult to provide the security properties required + by the cross-origin + isolated capability. As a result, only isolation-concrete can grant access to the cross-origin isolated + capability. isolation-concrete is + used on platform not supporting this capability. +

    +

    A browsing context group has an associated historical agent cluster key map, which is a map of BarProp {
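Review bot: In the added paragraph about platform support, the last sentence contradicts the one before it: "only isolation-concrete can grant access to the cross-origin isolated capability" is followed by "isolation-concrete is used on platform not supporting this capability". The second sentence should name isolation-logical (and read "platforms"). The added line "Initially set to"isolation-none"" also needs a space before the value and a full stop.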

    The cross-origin isolated capability
    -

    Return the logical conjunction of realm's agent cluster's - cross-origin isolated and whether window's associated Document is allowed to - use the "cross-origin-isolated" - feature.

    +

    Return the logical conjunction of:

    +
      +
    1. realm's agent cluster's cross-origin-isolation is isolation-concrete

    2. + +
    3. associated Document is + allowed to use the "cross-origin-isolated" feature.

      +
    +
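Review bot: The last condition of the new conjunction reads "associated Document is allowed to use the "cross-origin-isolated" feature" with no owner, where the removed text had "whether window's associated Document is allowed to use"; restore "window's" so the step says which Document is checked. The first item should also be worded as a condition, for example "whether realm's agent cluster's cross-origin-isolation is isolation-concrete", so the conjunction is clearly over two booleans.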
  • @@ -80424,8 +80468,9 @@ interface BarProp { a registrable domain suffix of and is not equal to effectiveDomain, then throw a "SecurityError" DOMException.

    -
  • If the surrounding agent's agent cluster's cross-origin - isolated is true, then return.

  • +
  • If the surrounding agent's agent cluster's + cross-origin-isolation is not isolation-none then return.

  • If the surrounding agent's agent cluster's is origin-keyed is true, then return.

  • @@ -80534,10 +80579,11 @@ interface BarProp { and the originAgentCluster getter will always return true.

    -

    Similarly, Documents in a cross-origin isolated - agent cluster are automatically origin-keyed. The `Origin-Agent-Cluster` header might be useful as an - additional hint to implementations about resource allocation, since the `Similarly, Documents with agent cluster's + cross-origin-isolated not isolation-none are automatically origin-isolated. The + `Origin-Agent-Cluster` header might be useful as + an additional hint to implementations about resource allocation, since the `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy` headers used to achieve cross-origin isolation are more about ensuring that everything in the same address space opts in to being there. But adding @@ -80901,8 +80947,9 @@ interface BarProp {

    This behaves the same as "same-origin", with the addition that it sets the (new) top-level browsing context's group's cross-origin isolated to - true.

    + group">group's cross-origin-isolation to + isolation-logical or isolation-concrete

    "same-origin-plus-COEP" cannot be directly set via the `BarProp {

  • If navigationCOOP's value is "same-origin-plus-COEP", then set - newBrowsingContext's group's cross-origin isolated to true.

  • + newBrowsingContext's group's cross-origin-isolation to: isolation-logical or isolation-concrete. The one used is + platform-specific.

    + +

    It is difficult on some platforms to provide the security properties required by + the cross-origin isolated + capability. Only the isolation-concrete might grant access to it. + Isolation-logical won't and is used for the + platforms not supporting it.

    +
  • If sandboxFlags is not empty, then:
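Review bot: The added step "set newBrowsingContext's group's cross-origin-isolation to: isolation-logical or isolation-concrete. The one used is platform-specific." leaves the choice open inside an algorithm step, and the note after it repeats the rationale already given where the cross-origin-isolation type is defined. Define the platform's choice once next to the type definition and have this step reference it, so the explanation lives in one place and the two copies cannot drift apart. "Isolation-logical" in the note should be lowercase to match the value name.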

    @@ -86779,9 +86837,11 @@ interface BeforeUnloadEvent : Event {

    Contains various Window objects which can potentially reach each other, either directly or by using document.domain.

    -

    If the encompassing agent cluster's cross-origin isolated is true, - then all the Window objects will be same origin, can reach each other - directly, and document.domain will no-op.

    +

    If the encompassing agent cluster's cross-origin-isolation is not isolation-none, then all the Window + objects will be same origin, can reach each other directly, and document.domain will no-op.

    Two Window objects that are same origin can be in different similar-origin window agents, for @@ -86863,8 +86923,10 @@ interface BeforeUnloadEvent : Event {

    -

    An agent cluster has an associated cross-origin isolated (a boolean), - which is initially false.

    +

    An agent cluster has an associated cross-origin-isolation variable, of type + cross-origin-isolation. Initially set to isolation-none.

    An agent cluster has an associated is origin-keyed (a boolean), which is initially false.

    @@ -86892,8 +86954,10 @@ interface BeforeUnloadEvent : Event {
  • Let key be site.

  • -
  • If group's cross-origin - isolated is true, then set key to origin.

  • +
  • If group's cross-origin-isolation is not isolation-none, then set key to + origin.

  • Otherwise, if group's historical agent cluster key map[origin] exists, then set key to @@ -86918,8 +86982,9 @@ interface BeforeUnloadEvent : Event {

    1. Let agentCluster be a new agent cluster.

    2. -
    3. Set agentCluster's cross-origin isolated to group's - cross-origin isolated.

    4. +
    5. Set agentCluster's cross-origin-isolation to group's + cross-origin-isolation.

    6. Set agentCluster's is origin-keyed to true if key equals origin; otherwise false.

    7. @@ -87300,8 +87365,9 @@ interface BeforeUnloadEvent : Event { href="https://github.com/tc39/ecma262/issues/1357">tc39/ecma262#1357.

    8. -

      If agent's agent cluster's cross-origin isolated is - false, then:

      +

      If agent's agent cluster's cross-origin-isolation is isolation-none, then:

      1. Let global be realm's global @@ -99221,8 +99287,11 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope {

        If worker global scope's embedder policy is "require-corp" and is shared is true, then set - agent's agent cluster's cross-origin isolated to - true.

        + agent's agent cluster's cross-origin-isolated to isolation-logical or isolation-concrete. The one chosen is + platform-specific.

        This really ought to be set when the agent cluster is created, which requires a redesign of this section.
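Review bot: The added line sets the agent cluster's "cross-origin-isolated", but the field this patch defines on an agent cluster is "cross-origin-isolation"; use that name so the reference resolves. The Origin-Agent-Cluster note changed earlier in this patch has the same spelling ("agent cluster's + cross-origin-isolated not isolation-none") and should be fixed with it.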

        @@ -99235,8 +99304,8 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope {
      2. Set worker global scope's cross-origin isolated - capability to agent's agent cluster's cross-origin - isolated.

      3. + capability to agent's agent cluster's cross-origin-isolation.

      4. If is shared is false and owner's cross-origin isolated
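Review bot: The replacement line "capability to agent's agent cluster's cross-origin-isolation" assigns the three-valued cross-origin-isolation to the worker global scope's cross-origin isolated capability, which the Window definition in this patch computes as a logical conjunction, i.e. a boolean. Set it to whether the agent cluster's cross-origin-isolation is isolation-concrete, so workers follow the same rule as windows and isolation-logical does not grant the capability.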