Intent to Prototype: Anonymous iframes


Camille Lamy

May 21, 2021, 8:56:30 AM5/21/21
to blink-dev

Contact emails





Anonymous iframes allow a COEP page to load documents even if those documents haven't deployed COEP. To make this safe, anonymous iframes cannot use the existing credentials and shared storage of their origin. Unlike sandboxed frames, they can use storage APIs and register cookies. However, those credentials and that storage can only be shared among documents in anonymous iframes within the same page (provided they meet origin restrictions), and they are no longer accessible once the page has navigated.

Blink component



Sites that wish to continue using SharedArrayBuffer must opt into cross-origin isolation. Among other things, cross-origin isolation will block the use of cross-origin resources and documents unless those resources opt into inclusion via either CORS or CORP. This behavior ships today in Firefox, and Chrome aims to ship it as well in Chrome 92. The opt-in requirement is generally positive, as it ensures that developers have the opportunity to adequately weigh the rewards of being included cross-site against the risks of potential data leakage via those environments. It poses adoption challenges, however, as it does require developers to adjust their servers to send an explicit opt-in. This is challenging in cases where there is not a single developer involved, but many. Google Ads, for example, includes third-party content, and it seems somewhat unlikely that they will be able to ensure that all the ad creators will do the work to opt into being loadable. It seems clear that adoption of any opt-in mechanism is going to be limited. From a deployment perspective (especially with an eye towards changing default behaviors), it would be ideal if we could find an approach that provided robust-enough protection against accidental cross-process leakage without requiring an explicit opt-in.

Initial public proposal

TAG review

TAG review status



Interoperability and Compatibility

Gecko: No signal

WebKit: No signal

Web developers: No signals

Is this feature fully tested by web-platform-tests?


Flag name


Tracking bug

Link to entry on the Chrome Platform Status

This intent message was generated by Chrome Platform Status.