search

WICG / anonymous-iframe

Give developers the ability to embed third party HTML documents inside a new and ephemeral context. In return, COEP embedding rules can be relaxed. Thanks to anonymous iframe, developers using COEP can now embed third party content that do not.
Other
25 stars 9 forks source link

`window.anonymous` usage in the wild #1

Closed miketaylr closed 2 years ago

miketaylr commented 2 years ago

Have y'all done any analysis of how common window.anonymous is on the web, maybe via HTTP Archive?

A quick search finds https://github.com/firebase/firebase-js-sdk/search?q=window.anonymous&type=code, which might create some confusing test errors down the road. Not sure that's a deal-breaker, but just flagging for awareness.

ArthurSonzogni commented 2 years ago

Thanks!

Initially, this was document.anonymous, but we realized during the implementation that this was more a property of the window instead of its documents. See: https://github.com/camillelamy/explainers/issues/21

We can still expose document.anonymous and say it returns the document`s responsible window (if any) anonymous attribute.

I will run an HTTP archive query and put the result here once it is known. Thanks again for raising this potential issue!

ArthurSonzogni commented 2 years ago

Here is the public HTTP archive analysis: https://docs.google.com/document/d/1MKGUfGzEEKpll88QspKiwDRWdkOMVh3OOXSrxGWe1Y4/edit# Summary:

ArthurSonzogni commented 2 years ago

We are going to update to a more uncommon name: window.isAnonymousFramed.

miketaylr commented 2 years ago

Sounds good, thanks!

ArthurSonzogni commented 2 years ago

(keeping this open, up until it gets fixed in the spec and the implementation)

mikewest commented 2 years ago

Grammar nit: isAnonymouslyFramed sounds better to me. :)

ArthurSonzogni commented 2 years ago

Resolved in both Chrome and the specification thanks to @iVanlIsh