Iframe credentialless gives developers a way to load documents in third party iframe using a new and ephemeral context. In return, the Cross-Origin-Embedder-Policy (COEP) embedding rules can be lifted.
This way, developers using COEP can now embed third party iframes that do not.
⚠️ This used to be namedAnonymous iframe
, before addressing #5
- The problem
- Explainer
- Alternatives considered
- Tests
- Demo
- Specification
- Security considerations
- Privacy considerations
- Self-Review Questionnaire: Security and Privacy
You are welcome to contribute!
Under development: Feature status
The WIP implementation can be tried, using the command line flags:
google-chrome-beta --enable-blink-features=AnonymousIframe --enable-features=PartitionedCookies
Check the Demo
Implementation tracker: https://crbug.com/1226469
Fill bugs, under the
Blink>SecurityFeature>AnonymousIframe
component.
- Request for position: mozilla/standards-positions#628 (pending)
- Request for position: https://lists.webkit.org/pipermail/webkit-dev/2022-April/032205.html (pending)
- Request for posiiton: WebKit/standards-positions#45 (pending)