w3ctag/design-reviews

`noopener-allow-popups` value in COOP

yoavweiss opened this issue · 3 comments

yoavweiss commented

こんにちは TAG-さん!

I'm requesting a TAG review for adding a noopener-allow-popups value to COOP.

The noopener-allow-popups Cross-Origin-Opener-Policy value severs the opener relationship between the document loaded with this policy and its opener. At the same time, the opened document can open further documents (as the "allow-popups" in the name suggests) and maintain its opener relationship with them, assuming that their COOP policy allows it.

  • Explainer¹ (minimally containing user needs and example code): url
  • Specification URL: spec url
  • Tests: CL
  • User research: N/A
  • Security and Privacy self-review²: url
  • GitHub repo: url
  • Primary contacts (and their relationship to the specification):
  • Organization(s)/project(s) driving the specification: Shopify
  • Key pieces of existing multi-stakeholder (e.g. developers, implementers, civil society) support, review or discussion of this specification
  • Key pieces of multi-implementer support:
  • External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5163293877731328

Further details:

  • I have reviewed the TAG's Web Platform Design Principles
  • Relevant time constraints or deadlines: Nothing specific, hoping to ship this year.
  • The group where the work on this specification is currently being done: WHATWG
  • The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue):
  • Major unresolved issues with or opposition to this specification: None atm.
  • This work is being funded by: Shopify

You should also know that...

[please tell us anything you think is relevant to this review]

martinthomson commented

So how was your weekend?

@yoavweiss, do you think that you could fill in more of the details we're asking for in the template?

yoavweiss commented

So how was your weekend?

Good. You? :)

@yoavweiss, do you think that you could fill in more of the details we're asking for in the template?

Added implementer positions and timeline. Apologies for leaving that out. Anything else I'm missing?

martinthomson commented

Thanks for highlighting this problem @yoavweiss. A small breakout group looked at this today and it seems like you have started an interesting discussion with a few people about the topic. We encourage you to continue that discussion. The Web Application Security Working Group seems like a pretty natural place to take this work.

For now, we'd suggest that our input to that discussion would not be as useful as that of the people you are already discussing this with, so we're going to decline this review.