Iframe credentialless

Iframe credentialless gives developers a way to load documents in third party iframe using a new and ephemeral context. In return, the Cross-Origin-Embedder-Policy (COEP) embedding rules can be lifted.

This way, developers using COEP can now embed third party iframes that do not.

⚠️ This used to be named Anonymous iframe, before addressing #5

Documents

The problem
Explainer
Alternatives considered
Tests
Demo
Specification
Security considerations
Privacy considerations
Self-Review Questionnaire: Security and Privacy

Contribute

You are welcome to contribute!

Issues
Discussion
Pull requests

Stakeholder status / feedback

Chrome

Under development: Feature status

The WIP implementation can be tried, using the command line flags:

google-chrome-beta --enable-blink-features=AnonymousIframe --enable-features=PartitionedCookies

Check the Demo

Implementation tracker: https://crbug.com/1226469

Fill bugs, under the Blink>SecurityFeature>AnonymousIframe component.

Firefox

Request for position: mozilla/standards-positions#628 (pending)

Safari:

Request for position: https://lists.webkit.org/pipermail/webkit-dev/2022-April/032205.html (pending)
Request for posiiton: WebKit/standards-positions#45 (pending)

W3C Technical Architecture Group:

design review

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Iframe credentialless

Documents

Contribute

Stakeholder status / feedback

Chrome

Firefox

Safari:

W3C Technical Architecture Group:

Files

README.md

Latest commit

History

README.md

File metadata and controls

Iframe credentialless

Documents

Contribute

Stakeholder status / feedback

Chrome

Firefox

Safari:

W3C Technical Architecture Group: