Non-origin-clean ImageBitmap serialization and transferring (removed)
This change raises errors when a script tries to serialize or transfer a non-origin-clean ImageBitmap. A non-origin-clean ImageBitmap is one that contains data from cross cross-origin images that is not verified by CORS logic.
We are developing Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) for unblocking APIs such as memory measurement APIs. The basic idea is that we are going to “isolate” a renderer process so that resources not verified by CORS (or CORP) logic cannot enter the process. We call such a process as “cross-origin isolated” process. Non-origin-clean ImageBitmap is data we need to prevent from entering into an cross-origin isolated process. Hence we would like to disallow serialization and transferring non-origin-clean ImageBitmap.
Specification
Status in Chromium
Removed (tracking bug) in:
- Chrome for desktop release 80
- Chrome for Android release 80
- Android WebView release 80
Consensus & Standardization
- No public signals
- No public signals
- No public signals
- No signals
Owner
Last updated on 2019-12-06