Release merge_pr_7994: Restrict secure<=>non-secure SharedWorker creation. · valerioadm/wpt

merge_pr_7994
d9f530b
Compare

Choose a tag to compare

Loading

View all tags

merge_pr_7994: Restrict secure<=>non-secure SharedWorker creation.

merge_pr_7994
d9f530b
Compare

Choose a tag to compare

Loading

View all tags

mikewest tagged this 16 Nov 17:19

We ought to be restricting SharedWorker connections based on the
security context of the document that created the worker. Secure
contexts cannot connect to non-secure SharedWorkers, and non-secure
contexts cannot connect to secure SharedWorkers.

https://w3c.github.io/webappsec-secure-contexts/#examples-shared-workers

We added metrics for this in 2016, and never followed up. Over the last
month, this would have triggered on 0.00001% of page views; it seems
safe to remove.

Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/NNdqRpSfkow/nvCWkHtRAQAJ

Bug: 582813
Change-Id: Iaf9c9304a519b4db1a999e8c91ece5719f8edb7b
Reviewed-on: https://chromium-review.googlesource.com/741743
Reviewed-by: Jochen Eisinger <[email protected]>
Reviewed-by: Emily Stark <[email protected]>
Commit-Queue: Mike West <[email protected]>
Cr-Commit-Position: refs/heads/master@{#517107}

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly