Skip to content

Note that Blob URL usage is restricted due to storage partitioning #36542

New issue
New issue
Closed
#40508
Closed
Note that Blob URL usage is restricted due to storage partitioning#36542
#40508
Labels
Content:WebAPIWeb API docshelp wantedIf you know something about this topic, we would love your help!
@recvfrom

Description

@recvfrom
recvfrom
opened on Oct 28, 2024

MDN URL

https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL_static

What specific section or headline is this issue about?

Usage notes

What information was incorrect, unhelpful, or incomplete?

Firefox has already restricted Blob URL fetches by Storage Key, and Safari has restricted Blob URL fetches by top-level origin (with the possibility of using top-level site and/or Storage Keys as well). Chrome is in the process of implementing this as well and we are making corresponding changes to the corresponding specs.

Also, we'd like to enforce noopener on navigations to Blob URLs where the site that created the Blob URL is cross-site from the top-level site of the document navigating to the Blob URL. Safari currently implements this (although using origin instead of site) and Firefox has expressed support for implementing this as well.

What did you expect to see?

Similar to the note that exists on https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API, it'd be helpful to indicate how Blob URL usage is restricted due to storage partitioning.

Do you have any supporting links, references, or citations?

w3c/FileAPI#153
w3c/FileAPI#201
whatwg/fetch#1783

Do you have anything more you want to share?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Content:WebAPIWeb API docshelp wantedIf you know something about this topic, we would love your help!

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions