Isolation by Default

December 01, 2020

1.6k

Isolation by Default

Presented at a mini-XSLeaks summit: TL;DR: Isolation is possible today, but is entirely opt-in. What if it was opt-out instead, and developers had to opt-into cross-origin collaboration? It would certainly be safer. Would it also be good?

(Yes. It would.)

Barely thought-through proposals:

* https://github.com/mikewest/coop-by-default/
* https://github.com/mikewest/embedding-requires-opt-in/
* https://github.com/mikewest/deprecating-document-domain/
* https://wicg.github.io/cors-rfc1918/
* https://github.com/mikewest/credentiallessness/

Mike West
PRO

December 01, 2020

More Decks by Mike West

See All by Mike West

W3C Permissions Workshop - 2022-12-05

mikewest

PRO

The Web We Can Ship

mikewest

PRO

370

Web Platform Security @ CMS Security Summit 2020

mikewest

PRO

2.4k

Web Platform Security @ TechDays 2019

mikewest

PRO

150

Cookies are bad @ HTTP Workshop 2019

mikewest

PRO

390

Web Platform Security @ CMS Security Summit

mikewest

PRO

Web Platform Security PhD Summit @ Google Munich

mikewest

PRO

800

BSides Munich

mikewest

PRO

300

Hardening the Web Platform - AppSec EU, 2016

mikewest

PRO

1.4k

Other Decks in Programming

See All in Programming

入門 AWS Amplify Gen2 / Introduction to AWS Amplify Gen2

genkiogasawara

290

オブジェクト指向は必要なのか / Is object-oriented needed?

kishida

21k

From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE

ivargrimstad

740

Ruby製社内ツールのGo移行

bgpat

330

HUIT新歓2024「競技プログラミング、やってみませんか？」

slephy2784

250

15分間でふんわり理解するDocker @ Matsuriba MAX

ukwhatn

PRO

410

CA.swift19 恋するAIアプリ開発の裏側

oskmr

290

Introduction for Open Source Swift Workshop

giginet

PRO

イベントストーミングによるオブジェクトモデリング・オブジェクト指向プログラミングの適用・開発プロセスの変遷・アーキテクチャの変革 / Object modeling with Event Storming.

nrslib

4.8k

Changed Rules: Architectures with Lightweight Stores

manfredsteyer

PRO

220

両面どころかインフラもTSでできるよ～全方位TypeScriptによるプロダクト開発～

myfinder

3.2k

どうしてこうなった命名集 ~🔥編~ / OOC 2024 LT

pictiny

3.9k

Featured

See All Featured

Building Your Own Lightsaber

phodgson

5.7k

GraphQLとの向き合い方2022年版

quramy

12k

Writing Fast Ruby

sferik

619

60k

What the flash - Photography Introduction

edds

11k

Large-scale JavaScript Application Architecture

addyosmani

502

110k

Ruby is Unlike a Banana

tanoku

10k

Easily Structure & Communicate Ideas using Wireframe

afnizarnur

185

16k

Sharpening the Axe: The Primacy of Toolmaking

bcantrill

1.4k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

jcasabona

1.6k

Bootstrapping a Software Product

garrettdimon

PRO

301

110k

RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub

eileencodes

124

32k

[RailsConf 2023 Opening Keynote] The Magic of Rails

eileencodes

8.3k

Transcript

Isolation by Default XSLeaks Summit 2020-12-01 — Camille Lamy &
Mike West
Status quo ante:
Status quo: Well-informed developers will adopt CORP, XFO, COOP, and
COEP. Less-informed developers remain vulnerable.
The Future? Browsers will isolate documents by default. Developers who
require cross-origin collaboration can opt-out of isolation.
A Few Modest Proposals User agents should: 1. Apply COOP:
same-origin-allow-popups by default: https://github.com/mikewest/coop-by-default/ 2. Require embedees to opt-into framing rather than out of it: https://github.com/mikewest/embedding-requires-opt-in/ 3. Deprecate and remove impediments to origin isolation by default (most notably document.domain: https://github.com/mikewest/deprecating-document-domain)
A Few More Modest Proposals User agents should: 4. Require
opt-in for communication across network boundaries: https://wicg.github.io/cors-rfc1918/ 5. Shift towards credentiallness requests by default (SameSite=Lax on the one hand, COEP: x-bikeshed-credentialless-unless-cors on the other): https://github.com/mikewest/credentiallessness/ 6. Strict MIME type checking, in conjunction with CORB/ORB.
What else should we try to break ﬁx?