Incompatible with a CSP sandbox #96
Comments
Yes this is intended.
It does not require "all the permissions". Please see https://github.com/WICG/fenced-frame/blob/master/explainer/README.md#security-considerations which points to a document that describes in detail which sandbox flags must be allowed for an embedding environment to be considered suitable for a fenced frame. At the moment the set is static across fenced frames but will soon be actually defined by each config-generating API (i.e., Protected Audience and Shared Storage at the moment), which define which sandbox flags must be enabled for a given FencedFrameConfig object to load in an environment. These considerations are made based on what the content represented by each FencedFrameConfig expects to be able to do in its environment.
Thanks for the detailed answer! It's just that currently we can't use sandbox for the topmost window, because AdSense code (https://securepubads.g.doubleclick.net/static/topics/topics_frame.html) can't create a fenced frame.
You can use CSP sandbox flags, just limited to a certain set of flags. If we allowed any flags, including ones that prevented ads from doing what they expect or need to do, this could be used as a trivial communication channel between the top page and the ad, which harms user privacy and is precisely the thing we're trying to prevent with this proposal. If possible, using a more lenient set of flags would be the best way forward.
I'm going to close this since I don't think there is any action we can take here that won't compromise user privacy. Please feel free to comment further or re-open the issue if you'd like to continue the dialogue, as we're happy to help further if we can.
When the topmost frame document has the following CSP header:
Content-Security-Policy: sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation;
In the Chrome console the following warning appears:
Can't create a fenced frame. A sandboxed document can load fenced frames only when all of the following permissions are set: allow-same-origin, allow-forms, allow-scripts, allow-popups, allow-popups-to-escape-sandbox and allow-top-navigation-by-user-activation.
Latest Chrome stable channel, Privacy Sandbox trial on.
Is this the intended functionality? Why does the fenced frame require all the permissions set for the topmost frame?
It's a lack of security at all for the top frame. So what is the goal then?
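As an added example (not code from the fenced-frame project or from anyone in this thread), the following script parses a Content-Security-Policy header value and reports which of the flags named in the Chrome warning above are missing from its sandbox directive, so a page owner can see in advance whether a header will block fenced frames. The required-flag list is taken verbatim from the warning quoted in the issue; the sample headers are constructed.

```javascript
// Flags Chrome's warning (quoted in this issue) says a sandboxed document
// must grant before it may load fenced frames.
const FENCED_FRAME_REQUIRED_FLAGS = [
  "allow-same-origin",
  "allow-forms",
  "allow-scripts",
  "allow-popups",
  "allow-popups-to-escape-sandbox",
  "allow-top-navigation-by-user-activation",
];

// Parse a CSP header value into a Map of directive name -> token list.
// Directives are ';'-separated; per the CSP spec the first occurrence of a
// directive name wins, so duplicates are ignored.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const raw of headerValue.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

// Returns { sandboxed, missing }. sandboxed=false means there is no sandbox
// directive at all (the header does not restrict fenced frames); otherwise
// `missing` lists the required flags the directive does not grant, in the
// order of FENCED_FRAME_REQUIRED_FLAGS. An empty list means the sandbox is
// lenient enough for fenced frames according to the warning.
function fencedFrameSandboxCheck(headerValue) {
  const directives = parseCsp(headerValue);
  if (!directives.has("sandbox")) return { sandboxed: false, missing: [] };
  const granted = new Set(directives.get("sandbox").map((f) => f.toLowerCase()));
  const missing = FENCED_FRAME_REQUIRED_FLAGS.filter((f) => !granted.has(f));
  return { sandboxed: true, missing };
}

// Constructed samples: the header value from this issue, and a lenient one.
const ISSUE_HEADER =
  "sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation;";
const LENIENT_HEADER = "default-src 'self'; sandbox " + FENCED_FRAME_REQUIRED_FLAGS.join(" ");

if (typeof require !== "undefined" && require.main === module) {
  console.log(fencedFrameSandboxCheck(ISSUE_HEADER));   // missing: allow-forms, allow-popups, allow-popups-to-escape-sandbox
  console.log(fencedFrameSandboxCheck(LENIENT_HEADER)); // missing: []
}
```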