whatwg · domenic · Aug 12, 2020 · Jul 22, 2020 · Jul 28, 2020 · Aug 5, 2020
diff --git a/source b/source
@@ -4197,6 +4197,10 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     <li>"<dfn data-x="autoplay-feature"><code data-x="">autoplay</code></dfn>", which has a <span
     data-x="concept-default-allowlist">default allowlist</span> of <code
     data-x="">'self'</code>.</li>
+    <li>"<dfn data-x="cross-origin-isolated-permission"><code
+    data-x="">cross-origin-isolated</code></dfn>", which has a <span
+    data-x="concept-default-allowlist">default allowlist</span> of <code
+    data-x="">'self'</code>.</li>
     <li>"<dfn data-x="document-domain-feature"><code data-x="">document-domain</code></dfn>", which
     has a <span data-x="concept-default-allowlist">default allowlist</span> of <code
     data-x="">*</code>.</li>
@@ -92550,8 +92554,27 @@ document.body.appendChild(frame)</code></pre>
   origin">serialized</span>.</p>
 
   <p>The <dfn data-x="dom-crossOriginIsolated"><code>crossOriginIsolated</code></dfn> getter steps
-  are to return the <span>surrounding agent</span>'s <span>agent cluster</span>'s <span>cross-origin
-  isolated</span>.</p>
+  are to return true if all of the following conditions are true, and false otherwise.</p>
+
+  <ul>
+   <li><p><span>Surrounding agent</span>'s <span>agent cluster</span>'s <span>cross-origin
+   isolated</span> is true.</p></li>
+
+   <li>
+    <p>Any of the following conditions are true:</p>
+
+    <ul>
+     <li><p><span>this</span> is a <code>Window</code> object and its <span
+     data-x="concept-document-window">associated <code>Document</code></span> is <span>allowed to
+     use</span> the "<code
+     data-x="cross-origin-isolated-permission">cross-origin-isolated</code>" feature.</p></li>
+
+     <li><p><span>this</span> is a <code>WorkerGlobalScope</code> object and its asoociated <span
+     data-x="concept-WorkerGlobalScope-cross-origin-isolated-permission">cross-origin-isolated
+     permission</span> is true.</p></li>
+    </ul>
+   </li>
+  </ul>
 
   </div>
 
@@ -98975,6 +98998,11 @@ interface <dfn>WorkerGlobalScope</dfn> : <span>EventTarget</span> {
   data-dfn-for="WorkerGlobalScope" data-x="concept-WorkerGlobalScope-module-map">module map</dfn>.
   It is a <span>module map</span>, initially empty.</p>
 
+  <p>A <code>WorkerGlobalScope</code> object has an associated <dfn data-export=""
+  data-dfn-for="WorkerGlobalScope"
+  data-x="concept-WorkerGlobalScope-cross-origin-isolated-permission">cross-origin-isolated
+  permission</dfn> boolean, initially true.</p>
+
   </div>
 
   <dl class="domintro">
@@ -99367,6 +99395,27 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
     </ol>
    </li>
 
+   <li>
+    <p>Otherwise:</p>
+
+    <ol>
+     <li><p>If <var>owner</var> is a <code>Window</code> object, then set <var>worker global
+     scope</var>'s <span
+     data-x="concept-WorkerGlobalScope-cross-origin-isolated-permission">cross-origin-isolated
+     permission</span> to whether <var>owner</var>'s <span
+     data-x="concept-document-window">associated <code>Document</code></span> is <span>allowed to
+     use</span> the "<code
+     data-x="cross-origin-isolated-permission">cross-origin-isolated</code>" feature.</p></li>
+
+     <li><p>If <var>owner</var> is a <code>WorkerGlobalScope</code> object, then set <var>worker
+     global scope</var>'s <span
+     data-x="concept-WorkerGlobalScope-cross-origin-isolated-permission">cross-origin-isolated
+     permission</span> to <var>owner</var>'s <span
+     data-x="concept-WorkerGlobalScope-cross-origin-isolated-permission">cross-origin-isolated
+     permission</span>.</p></li>
+    </ol>
+   </li>
+
    <li><p>Let <var>destination</var> be "<code data-x="">sharedworker</code>" if <var>is
    shared</var> is true, and "<code data-x="">worker</code>" otherwise.</p></li>
 
@@ -99410,6 +99459,13 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
      <span data-x="parse-referrer-policy-header">parsing the `<code>Referrer-Policy</code>`
      header</span> of <var>response</var>.</p></li>
 
+     <li><p>If <var>is shared</var> is false and <var>response</var>'s
+     <span data-x="concept-response-url">url</span>'s <span
+     data-x="concept-url-scheme">scheme</span> is "<code data-x="">data</code>", then set
+     <var>worker global scope</var>'s <span
+     data-x="concept-WorkerGlobalScope-cross-origin-isolated-permission">cross-origin-isolated
+     permission</span> to false.
+
      <li><p>If <var>response</var>'s <span data-x="concept-response-url">url</span>'s <span
      data-x="concept-url-scheme">scheme</span> is a <span>local scheme</span>, then set
      <var>worker global scope</var>'s <span