standards-positions icon indicating copy to clipboard operation
standards-positions copied to clipboard

Published 20 hours ago verified publisher icon WebKit

Realms Initialization Control

Open weizman opened this issue 1 year ago • 2 comments

WebKittens

No response

Title of the proposal

Realms Initialization Control

URL to the spec

https://github.com/WICG/Realms-Initialization-Control

URL to the spec's repository

https://github.com/WICG/Realms-Initialization-Control

Issue Tracker URL

No response

Explainer URL

No response

TAG Design Review URL

https://github.com/w3ctag/design-reviews/issues/985

Mozilla standards-positions issue URL

https://github.com/mozilla/standards-positions/issues/1062

WebKit Bugzilla URL

No response

Radar URL

No response

Description

Initialization of same origin realms in an application should be under that application's control.

This proposal describes an opt-in capability to set a script to be loaded first, every time a same origin realm with synchronous access to the main execution environment of the application is created.

The location of the script can be relative or absolute. Secure connection is required. The proposed method for setting the script is a Content Security Policy directive as follows: Content-Security-Policy: "realm-init: /scripts/on-new-same-origin-realm.js" so that the on-new-same-origin-realm.js script will execute before any other JavaScript code executes in the top realm execution environment, as well as any other child realm that matches its origin.

weizman avatar Aug 28 '24 09:08 weizman