You can, I’ll note, make this square in Chrome as of January by setting iframe_attrs: [credentialless: "true"] as part of a given Endpoint’s :live_reload configuration, but that’s only true in Chrome. This seems to me like the more back-of-the-fence fix.
This is a little niche, but I think maybe this:
https://github.com/phoenixframework/phoenix_live_reload/blob/43b923b2d909b8af55e4b905fecab7aabef43879/lib/phoenix_live_reload/live_reloader.ex#L128
… should be expanded to:
… in order to allow for the target to set a
Cross-Origin-Embedder-Policy
ofrequire-corp
.You can, I’ll note, make this square in Chrome as of January by setting
iframe_attrs: [credentialless: "true"]
as part of a given Endpoint’s:live_reload
configuration, but that’s only true in Chrome. This seems to me like the more back-of-the-fence fix.