Realms Initialization Control #389
Labels
concerns: security
This proposal may cause security risk if implemented
venue: WICG
Proposal is incubated in the Web Incubator Community Group
WebKittens
No response
Title of the proposal
Realms Initialization Control
URL to the spec
https://github.com/WICG/Realms-Initialization-Control
URL to the spec's repository
https://github.com/WICG/Realms-Initialization-Control
Issue Tracker URL
No response
Explainer URL
No response
TAG Design Review URL
w3ctag/design-reviews#985
Mozilla standards-positions issue URL
mozilla/standards-positions#1062
WebKit Bugzilla URL
No response
Radar URL
No response
Description
Initialization of same origin realms in an application should be under that application's control.
This proposal describes an opt-in capability to set a script to be loaded first, every time a same origin realm with synchronous access to the main execution environment of the application is created.
The location of the script can be relative or absolute. Secure connection is required. The proposed method for setting the script is a Content Security Policy directive as follows:
Content-Security-Policy: "realm-init: /scripts/on-new-same-origin-realm.js"
so that theon-new-same-origin-realm.js
script will execute before any other JavaScript code executes in the top realm execution environment, as well as any other child realm that matches its origin.The text was updated successfully, but these errors were encountered: