Incompatible with a CSP sandbox about fenced-frame HOT 4 CLOSED

Yes this is intended.

Why does the fenced frame require all the permissions set for the topmost frame?

It does not require "all the permissions". Please see https://github.com/WICG/fenced-frame/blob/master/explainer/README.md#security-considerations which points to a document that describes in detail which sandbox flags must be allowed for an embedding environment to be considered suitable for a fenced frame. At the moment the set is static across fenced frames but will soon be actually defined by each config-generating API (i.e., Protected Audience and Shared Storage at the moment), who define which sandbox flags must be enabled for a given FencedFrameConfig object to load in an environment. These considerations are made based on what the content represented by each FencedFrameConfig expects to be able to do in its environment.

from fenced-frame.

Thanks for the detailed answer! It's just that currently we can't use sandbox for the topmost window., because AdSense code (https://securepubads.g.doubleclick.net/static/topics/topics_frame.html) can't create fenced frame.

from fenced-frame.

You can use CSP sandbox flags, just limited to a certain set of flags. If we allowed any flags, including ones that prevented ads from doing what they expect or need to do, this could be used as a trivial communication channel between the top page and the ad, which harms user privacy and is precisely the thing we're trying to prevent with this proposal. If possible, using a more lenient set of flags would be the best way forward.

from fenced-frame.

I'm going to close this since I don't think there is any action we can take here that won't compromise user privacy. Please feel free to comment further or re-open the issue if you'd like to continue the dialogue, as we're happy to help further if we can.

from fenced-frame.