-
Notifications
You must be signed in to change notification settings - Fork 22.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Glossary: Cross-Origin isolation #37287
Comments
I'm supportive of this idea. If we do this it should take much of the information from https://developer.mozilla.org/en-US/docs/Web/API/Window/crossOriginIsolated , and link that and the Worker equivalent. It should also link the https://blog.stackblitz.com/posts/cross-browser-with-coop-coep/ , which while a little out of data w.r.t. browser support is a really good overview of the practical implications of all this stuff for real users at scale. My only concern is what we leave in the I think we just move most of the information. |
I am planning to write something long-form about this whole issue (xs leaks, Spectre, COOP, COEP etc). I'm not that convinced a glossary entry is quite the right vehicle as it's kind of a complicated topic. But since I'm not going to get around to this any time soon, so I'm not going to stop anyone writing a glossary entry in the meantime. (In general I'm not sure when we should decide to make something a glossary entry or something else. I think the ideal glossary entry is something pretty short that really defines some piece of technical jargon, especially then it's cross-technology. Sometimes I think we have glossary entries that ought to be longer-form, and e.g. I just deleted the "clickjacking" glossary entry in favour of a guide page, and will probably try to do the same with the XSS page. But maybe I shouldn't? Maybe we should have short glossary pages that point to long-form explanations? I'm not sure.) |
I agree Glossary should only be for concepts that cannot be adequately placed anywhere else. For example, "ASCII", "Git", or "OOP" are good candidates. However, we should prefer to colocate concepts with their references wherever possible to avoid making glossary bloat up infinitely. |
Those are reasonable views to take, and philosophically I agree. Pragmatically I think it would be good now to reduce the duplication, and a glossary topic is a reasonable solution for that. When/if a longer form topic exists in the HTTP space for this, it could replace such a glossary topic - provided it still provides a concise link end point for what cross-origin isolation means. Or we could wait. |
I would think |
But note it is two pages: The cross-origin isolation glossary page can store info about how to be cross-origin isolation and features managed by cross-origin isolation, etc. Then those info could remove from the two pages and simply and a link to the glossary page. So this can reduce the duplicated info. see also #6856 |
It doesn't have to. Many |
MDN URL
none
What specific section or headline is this issue about?
No response
What information was incorrect, unhelpful, or incomplete?
add a glossary for Cross-Origin isolation, see #36780
What did you expect to see?
same as above
Do you have any supporting links, references, or citations?
https://blog.stackblitz.com/posts/cross-browser-with-coop-coep/ a link for reference
Do you have anything more you want to share?
No response
The text was updated successfully, but these errors were encountered: