Discussed in the API owners meeting yesterday. It sounds like work is ongoing to fully resolve issue #5 <https://github.com/WICG/anonymous-iframe/issues/5> including a good discussion at WebAppSec WG yesterday (summary in the Mozilla standards position issue <https://github.com/mozilla/standards-positions/issues/628>). Arthur, let us know when you think decisions are captured sufficiently for API owners to re-evaluate.
Thanks, Rick On Mon, Nov 14, 2022 at 11:22 AM Zheng Wei <zhen...@google.com> wrote: > Google Display Ads (GPT specifically) has tried the OT and is satisfied > with the feature's behavior. Looking forward to it! > > On Thursday, November 10, 2022 at 10:06:35 AM UTC-5 Smaug wrote: > >> On 11/10/22 10:33, 'Arthur Sonzogni' via blink-dev wrote: >> > Hi blink-dev, >> > >> > * >> > * >> > >> > We decided to address issue #5 < >> https://github.com/WICG/anonymous-iframe/issues/5>: “rename anonymous >> iframe into iframe credentialless”. We will >> > rename <iframe anonymous>to <iframe credentialless>. >> > >> > For this adjustment to take place, the new plan is to ship in M110 >> instead of M109. We do not think the origin trial will need to be extended, >> since >> > partners have been or will be able to test up to M108. Therefore, there >> will be a gap between the original trial and launch version. >> > >> > However, renaming from anonymous to credentialless will not answer >> Mozilla's core argument. They believe that the feature would be best >> controlled via >> > multiple new sandbox flags. >> >> I don't think anyone from Mozilla has said that. What I have said is that >> the current way to control how iframes work is getting very complicated and >> the new attribute adds yet another mechanism. And if most of the users >> will use both sandbox and credentialless, understanding how those work >> together >> can be rather confusing. Also, credentialless isn't exposing the >> primitives itself, but some unique set of features. I'd rather see >> primitives to be >> exposed and other features built on top of them. >> >> >> -Olli >> >> >> We think it is much less ergonomic and makes the feature harder to >> explain to developers. The integration with sandbox >> > flags has challenging open questions around edge cases, as listed in >> this document >> > < >> https://github.com/WICG/anonymous-iframe/blob/main/mozilla-sandbox-proposal.md>. >> >> > >> > * >> > * >> > >> > Considering this, we think the current solution is a better one. We >> have feedback from partners that it solves their needs. Considering that we >> have >> > no clear feedback Mozilla would be interested in implementing anonymous >> iframes even if they were spelled as sandbox flags, we believe we should >> ship >> > with what we have implemented. >> > >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "blink-dev" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to blink-dev+...@chromium.org >> > <mailto:blink-dev+...@chromium.org>. >> > To view this discussion on the web visit >> > >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GDYwk7ohTD4Eq2TW43hU%3DrHfXsx2V7%2BVK%3DHdKNd02-TA%40mail.gmail.com >> > < >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAzos5GDYwk7ohTD4Eq2TW43hU%3DrHfXsx2V7%2BVK%3DHdKNd02-TA%40mail.gmail.com?utm_medium=email&utm_source=footer>. >> >> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY8gC_JwdvBhEoNnsudDVRZ40GwHyP84c0_fb0FxymwpkQ%40mail.gmail.com.