Note that Blob URL usage is restricted due to storage partitioning #36542
Labels
Content:WebAPI
Web API docs
help wanted
If you know something about this topic, we would love your help!
Comments
recvfrom
added
the
needs triage
5 tasks
Josh-Cena
added
help wanted
|
We should create a new "Blob URL" page under https://developer.mozilla.org/en-US/docs/Web/URI/Schemes so we can explain everything about blob URLs in more detail. |
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
MDN URL
https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL_static
What specific section or headline is this issue about?
Usage notes
What information was incorrect, unhelpful, or incomplete?
Firefox has already restricted Blob URL fetches by Storage Key, and Safari has restricted Blob URL fetches by top-level origin (with the possibility of using top-level site and/or Storage Keys as well). Chrome is in the process of implementing this as well and we are making corresponding changes to the corresponding specs.
Also, we'd like to enforce noopener on navigations to Blob URLs where the site that created the Blob URL is cross-site from the top-level site of the document navigating to the Blob URL. Safari currently implements this (although using origin instead of site) and Firefox has expressed support for implementing this as well.
What did you expect to see?
Similar to the note that exists on https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API, it'd be helpful to indicate how Blob URL usage is restricted due to storage partitioning.
Do you have any supporting links, references, or citations?
w3c/FileAPI#153
w3c/FileAPI#201
whatwg/fetch#1783
Do you have anything more you want to share?
No response
The text was updated successfully, but these errors were encountered: