Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Anonymous iframe: relation with COEP credentialless #18

Open
antosart opened this issue May 19, 2021 · 1 comment
Open

Anonymous iframe: relation with COEP credentialless #18

antosart opened this issue May 19, 2021 · 1 comment

Comments

@antosart
Copy link

Should an iframe loaded inside a page with COEP: credentialless be automatically anonymous, or does it have to specify the attribute credentials=omit explicitly?

The former matches better the behaviour of other subresources and could be a bit easier to deploy.

But if we go with the former, would that be a way to override it, like specifying credentials=include?
@camillelamy
Copy link
Owner

Right now, the two concepts are different. An iframe embedded inside a page with COEP credentialless is not anonymous, unless explicitly declared to be so. Considering that COEP credentialless is meant to be deployed over first-party documents, which might also embed first party iframes, we thought it was not desirable to have those frames be by default anonymous.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@antosart @camillelamy