|
1486 | 1486 | </style>
|
1487 | 1487 | <meta content="Bikeshed version c5172e83, updated Fri Nov 20 15:35:20 2020 -0800" name="generator">
|
1488 | 1488 | <link href="https://mikewest.github.io/post-spectre-webdev/" rel="canonical">
|
1489 |
| - <meta content="7ee71bbbfdc7683d689ec849c05faffd6e64abb2" name="document-revision"> |
| 1489 | + <meta content="f1728a156b2f6e79f81ad195d69497cb48927e2a" name="document-revision"> |
1490 | 1490 | <style>/* style-autolinks */
|
1491 | 1491 |
|
1492 | 1492 | .css.css, .property.property, .descriptor.descriptor {
|
@@ -2333,6 +2333,17 @@ <h4 class="heading settled" data-level="2.1.2" id="dynamic-subresources"><span c
|
2333 | 2333 | X-Content-Type-Options: nosniff
|
2334 | 2334 | X-Frame-Options: DENY
|
2335 | 2335 | </pre>
|
| 2336 | + <div class="note" role="note"> |
| 2337 | + Note: That this allows the resource to be used by any cross-origin document. That’s |
| 2338 | + reasonable for some use cases, but requiring CORS, and opting-in a small set of origins via |
| 2339 | + appropriate access-control headers is a possible alternative for some resources. This |
| 2340 | + approach will give those contexts trivial access to the resource’s bits, so the granularity |
| 2341 | + is a tradeoff. Still, considering this case to be the same as the "personalized resources |
| 2342 | + intended for cross-origin use" isn’t unreasonable. |
| 2343 | + <p class="issue" id="issue-ae9c0065"><a class="self-link" href="#issue-ae9c0065"></a> If we implemented more granular bindings for CORP headers (along |
| 2344 | + the lines of <code>Cross-Origin-Resource-Policy: https://trusted.example</code>), we could avoid this |
| 2345 | + tradeoff entirely. <a href="https://github.com/whatwg/fetch/issues/760"><https://github.com/whatwg/fetch/issues/760></a></p> |
| 2346 | + </div> |
2336 | 2347 | <p>For example:</p>
|
2337 | 2348 | <ul>
|
2338 | 2349 | <li data-md>
|
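Review bot: The added note (new lines 2337-2342) opens with a fragment, "Note: That this allows the resource to be used by any cross-origin document", and its third sentence, "This approach will give those contexts trivial access to the resource's bits", has an ambiguous subject. It can be read as describing the headers in the preceding pre block rather than the CORS alternative introduced one sentence earlier. Suggest "Note that this allows ..." and naming the subject explicitly, for example "Requiring CORS gives the opted-in origins direct access to the resource's bits, so the granularity is a tradeoff." The file carries a Bikeshed generator meta tag, so the wording should be changed in the spec source and the HTML regenerated rather than edited here.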
@@ -2778,6 +2789,9 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
|
2778 | 2789 | <div class="issue"> Propose this to WebAppSec.<a href="#issue-bdf75540"> ↵ </a></div>
|
2779 | 2790 | <div class="issue"> <a data-link-type="biblio" href="#biblio-coi-threat-model">[COI-THREAT-MODEL]</a> spells out more implications. Bring them in here for more nuance.<a href="#issue-340f57a5"> ↵ </a></div>
|
2780 | 2791 | <div class="issue"> Actually describe mitigations, swiping liberally from <a href="https://docs.google.com/document/d/1JBUaX1xSOZRxBk5bRNZWgnzyJoCQC52TIRokACBSmGc/edit?resourcekey=0-cZ7da6v52enjwRSsp_tLyQ">Notes on the threat model of <em>cross-origin isolation</em></a>, <a href="https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit">Safely reviving shared memory</a>, etc.<a href="#issue-26c425e2"> ↵ </a></div>
|
| 2792 | + <div class="issue"> If we implemented more granular bindings for CORP headers (along |
| 2793 | + the lines of <code>Cross-Origin-Resource-Policy: https://trusted.example</code>), we could avoid this |
| 2794 | + tradeoff entirely. <a href="https://github.com/whatwg/fetch/issues/760"><https://github.com/whatwg/fetch/issues/760></a><a href="#issue-ae9c0065"> ↵ </a></div> |
2781 | 2795 | <div class="issue"> Find some links.<a href="#issue-94179e25"> ↵ </a></div>
|
2782 | 2796 | <div class="issue"> Find some links.<a href="#issue-94179e25①"> ↵ </a></div>
|
2783 | 2797 | <div class="issue"> Find some links.<a href="#issue-94179e25②"> ↵ </a></div>
|
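Review bot: In the issues-index entry (new lines 2792-2794) the phrase "we could avoid this tradeoff entirely" has lost its antecedent. Within the note in section 2.1.2 it follows the sentence about granularity, but in the index it stands alone, and a reader cannot tell which tradeoff is meant without following the back-link. Since the index text is copied from the inline issue, consider making the issue self-contained at the source, for example "we could avoid the granularity tradeoff between allowing any cross-origin document and requiring CORS".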
|