This change raises errors when a script tries to serialize or transfer a non-origin-clean ImageBitmap. A non-origin-clean ImageBitmap is one that contains data from cross cross-origin images that is not verified by CORS logic.

Motivation

We are developing Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) for unblocking APIs such as memory measurement APIs. The basic idea is that we are going to “isolate” a renderer process so that resources not verified by CORS (or CORP) logic cannot enter the process. We call such a process as “cross-origin isolated” process. Non-origin-clean ImageBitmap is data we need to prevent from entering into an cross-origin isolated process. Hence we would like to disallow serialization and transferring non-origin-clean ImageBitmap.

Specification

Specification link

Status: Unknown standards status - check spec link for status

Status in Chromium

Blink components: Blink>Image

Implementation status: Removed (tracking bug)

Consensus & Standardization

• Firefox: No signal
• Safari: No signal
• Web Developers: No signals

Owner

• yhirano@chromium.org

Last updated on 2021-08-16