search

WICG / anonymous-iframe

Give developers the ability to embed third party HTML documents inside a new and ephemeral context. In return, COEP embedding rules can be relaxed. Thanks to anonymous iframe, developers using COEP can now embed third party content that do not.
Other
25 stars 9 forks source link

Policy container #6

Open annevk opened 2 years ago

annevk commented 2 years ago

Should the anonymous bit be stored on a policy container? It seems like it is meant to inherit into all the relevant places.

ArthurSonzogni commented 2 years ago

I think it make sense.

I was modeled similarly to sandbox. Chrome is moving the document's sandbox into the document's PolicyContainer. It makes sense this applies to the anonymous bit as well.

Actually, this came up during a code review: https://chromium-review.googlesource.com/c/chromium/src/+/3634527/18/third_party/blink/renderer/core/loader/frame_loader.cc and a bug was created for it: https://bugs.chromium.org/p/chromium/issues/detail?id=1325733