arthurs...@chromium.org, cl...@chromium.org
https://github.com/WICG/anonymous-iframe
https://wicg.github.io/anonymous-iframe/#specification
https://docs.google.com/document/d/1poI75BaQ9aqcMGJn_K01-QHsQQbEOwRWvg3Af4VWTmY/edit
Anonymous iframes give developers a way to load documents in third party iframes using new and ephemeral contexts.
Anonymous iframes are a generalization of COEP credentialless to support 3rd party iframes that may not deploy COEP. Like with COEP credentialless, we replace the opt-in of cross-origin subresources by avoiding to load non-public resources. This will remove the constraint that 3rd party iframes must support COEP in order to be embedded in a COEP page and unblock developers looking to adopt cross-origin-isolation.
This way, developers using COEP can now embed third party iframes that do not.
coep, cross-origin-embedder-policy, iframe, anonymous
https://github.com/w3ctag/design-reviews/issues/639
Issues addressed
https://docs.google.com/document/d/1WzOrxIQnq9sTFkou9P8GshrQSeyO3MBdSvYqJjP410Q
The main risk is that anonymous iframes fail to become an interoperable part of the web platform if other browsers do not implement the API.
Gecko: No signal (https://github.com/mozilla/standards-positions/issues/628)
They do like the concept of credentialless/anonymous iframes.
However they are suggesting alternative ways of activating the feature. Instead of the `anonymous` attribute, it could potentially be split into 3 new sandbox flags for instance. One about allowing only partitioned storage, one about allowing only no-opener popups, and one about disabling autofill. It is not clear exactly how it would behave with regards to sandbox inheritance, whether it would be understandable to developers, or if introducing a precedent with `disallow-XXX` kind of flag as opposed to `allow-XXX` would be problematic.
WebKit: No signal (https://lists.webkit.org/pipermail/webkit-dev/2022-April/032205.html)
Second request on Github: https://github.com/WebKit/standards-positions/issues/45
Web developers: Positive (https://github.com/WICG/proposals/issues/53) Zoom, Google Display Ads, StackBlitz are supportive. Several other developers also expressed their need to get anonymous iframes to embed 3rd party iframes inside crossOriginIsolated contexts.
Other signals: N/A
None.
A blog post explains how to use the feature:
https://groups.google.com/a/chromium.org/g/blink-dev/c/-7H19EHTenU/m/oWfFm21eAAAJ
We don't expect developers having difficulties using it as-is. It only requires adding the "anonymous" attribute to <iframe>.
See the threat model doc:
https://wicg.github.io/anonymous-iframe/#security
http://go/anonymous-iframe-threat-model
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
No risks identified. This is platform independent. WebView is not different.
Anonymous iframes are designed to avoid breaking iframes. It does not introduce new kinds of failures.
In the devtool panel, when an iframe is blocked by COEP, Anonymous iframes will be suggested as a potential solution.
The JS API: `window.anonymouslyFramed` already reflects whether a document is embedded inside an anonymous iframe or not. This is not reflected in devtool yet, but it could be in the future, if we believe this is worth it.
Yes
This is a web platform feature. Consistent behavior among all the platforms is important.
Weblayer is not supported, because disabling autofill hasn't been implemented.
Yes
https://anonymous-iframe.glitch.me
--enable-blink-features=AnonymousIframe
False
https://bugs.chromium.org/p/chromium/issues/detail?id=1211800
https://bugs.chromium.org/p/chromium/issues/detail?id=1342928
WebFeature::kAnonymousIframe https://chromestatus.com/metrics/feature/timeline/popularity/4219
No dependencies.
https://anonymous-iframe.glitch.me
Chrome for desktop 109
OriginTrial desktop last 108
OriginTrial desktop first 106
DevTrial on desktop 105
Chrome for Android 109
OriginTrial Android last 108
OriginTrial Android first 106
DevTrial on Android 105
Android Webview 109
OriginTrial webView last 108
OriginTrial webView first 106
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
N/A
https://chromestatus.com/feature/5729461725036544
Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/CjrLTguZuO4
Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/-7H19EHTenU/m/oWfFm21eAAAJ
Intent to Extend Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/-7H19EHTenU/m/oWfFm21eAAAJ
This intent message was generated by Chrome Platform Status.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5HJbyTDnkf8nu89Q0fnt2E4%3DPNHSen84oxb1UbYdX882w%40mail.gmail.com.
Sorry, one more question: the tests seem to be mostly failing on wpt.fyi even with --enable-experimental-web-platform-features. Do you know why that is? What's the status of the test suite?
A few questions, is there any plan to move the spec code into HTML or
other relevant specs? Do we have PRs for that?
There's another feature called "Fenced frames"
(https://chromestatus.com/feature/5699388062040064) that is currently
being worked on. Wouldn't be nice to explain how anonymous iframes vs
fencedrames are? And if they interact in some way or not? Would
fencedrames need an anonymous attribute at some point? Maybe we could
add some of this information into the explainer.
About the explainer, the one used in the TAG review is:
https://github.com/camillelamy/explainers/blob/main/anonymous_iframes.md
But now it seems to be integrated into the spec
https://wicg.github.io/anonymous-iframe/ which is not very common.
Also
the explainer usually includes the problem, alternatives discussed and
the like, and now they're like separated sections in the spec. Maybe
some reformatting could be useful.
I guess it'd be also nice to ensure we have proper documentation about
this, "anonymous" attribute is not mentioned at MDN:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
Hi blink-dev,
We decided to address issue #5: “rename anonymous iframe into iframe credentialless”. We will rename <iframe anonymous> to <iframe credentialless>.
For this adjustment to take place, the new plan is to ship in M110 instead of M109. We do not think the origin trial will need to be extended, since partners have been or will be able to test up to M108. Therefore, there will be a gap between the original trial and launch version.
However, renaming from anonymous to credentialless will not answer Mozilla's core argument. They believe that the feature would be best controlled via multiple new sandbox flags. We think it is much less ergonomic and makes the feature harder to explain to developers. The integration with sandbox flags has challenging open questions around edge cases, as listed in this document.
Considering this, we think the current solution is a better one. We have feedback from partners that it solves their needs. Considering that we have no clear feedback Mozilla would be interested in implementing anonymous iframes even if they were spelled as sandbox flags, we believe we should ship with what we have implemented.
Discussed in the API owners meeting yesterday. It sounds like work is ongoing to fully resolve issue #5 including a good discussion at WebAppSec WG yesterday (summary in the Mozilla standards position issue).
Arthur, let us know when you think decisions are captured sufficiently for API owners to re-evaluate.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY_q53fj%2BKGD0sVBkPR8waqq9CwZzp9w9FLLwq-UryGY7w%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUh3N5jRib7hVKFicubRozdMCHOcb8rOZzM0q%3DHG3ZLeg%40mail.gmail.com.