-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Iframe credentialless (WIP) #7695
base: main
Are you sure you want to change the base?
Conversation
Explainer: https://github.com/camillelamy/explainers/blob/main/anonymous_iframes.md Chrome status: https://chromestatus.com/feature/5729461725036544 Summary: - Define the anonymous flag for iframe and Window. - Inheritance is defined similarly to sandbox. However it do not propage toward popups. - Popup opened from anonymous Window use 'noopener'. - Navigation in anonymous iframe are allowed, even if the embedder has COEP:require-corp|credentialless and the response do not. - Define the `page anonymous nonce`, it is used for anonymous Window as an additional keys in: - network-partition-keys, - storage-partition-keys, - cookie-partition-keys This ensures the document is loaded within a new and ephemeral context. This prevents a cross-origin-isolated parent from stealing important data from its child, via a Spectre Attack. - Password autofill must be disabled inside anonymous Window. XXX: implement the corresponding parts on top of: - Fetch => network-partition-keys - StoragePartitioning => storage-partition-keys - CookieHavingIndependantState => cookie-partition-key - Worker.
149b30f
to
c64d811
Compare
This is still WIP. I am not requesting a review now, but you can take a look if you are curious. I still need to figure out how to integrate this into the "future" spec for storage-partitioning, CHIPS, etc... |
I like this plan a lot. |
Explainer && WIP specs: https://arthursonzogni.github.io/anonymous-iframe/#explainer Summary: - Add `partition-nonce` to network-partition-key. The value is filled from the HTML specification. Anonymous iframe require updating several specifications: - HTML => whatwg/html#7695 - Fetch => (this) - CHIPS (cookie-having-independent-partition-state) => XXX - Storage-partitioning => XXX
Explainer & specs (WIP) https://arthursonzogni.github.io/anonymous-iframe/#explainer Summary: - Add `partition-nonce` to network-partition-key. The value is filled from the HTML specification. Anonymous iframe require updating several specifications: - HTML => whatwg/html#7695 - Fetch => (this) - CHIPS (cookie-having-independent-partition-state) => XXX - Storage-partitioning => XXX
Explainer & specs (WIP) https://arthursonzogni.github.io/anonymous-iframe/ This patch adds the `environment`'s `partition-nonce` to the `storage-key`. from the HTML specification. Anonymous iframe require updating several specifications: - HTML => whatwg/html#7695 - Fetch => whatwg/fetch#1416 - Storage => (this) - CHIPS/Cookies => XXX
Not sure if this is the best place to ask, but: Is the (potentially relevant crbug, as pointed out in the above issue) |
Thanks for your message! I made a quick demo on:https://anonymous-iframe.glitch.me/srcdoc.html
I don't think it can help you. The iframe credentialless (aka anonymous iframe) is still running inside the same agent cluster. So it is executed on the same thread. |
Ah, gotcha - thanks for the clarification!
I may be misunderstanding something (as you can tell I don't know a lot about this proposal), but I tried executing (btw, I love your demo - not sure if you're using a template or if you designed it yourself, but it's a really good/clear demonstration! very easy to understand) |
Indeed. I think this is specific to the origin trial, and it isn't going to show up for the final release. The origin trial token is valid only for a given origin. I think the origin trial component might be checking against the URL's origin instead of the window.origin. In this case "about:srcdoc" doesn't match. Still worth double checking. I will add additional WPTs.
Thank you! |
Explainer and spec:
https://arthursonzogni.github.io/anonymous-iframe/
Iframe credentialless requires updating several specifications:
Summary:
toward popups.
COEP:require-corp|credentialless and the response do not.
page credentialless nonce
, it is used for credentialless Window asan additional keys in:
This ensures the document is loaded within a new and ephemeral
context. This prevents a cross-origin-isolated parent from stealing
important data from its child, via a Spectre Attack.
(See WHATWG Working Mode: Changes for more details.)
/browsers.html ( diff )
/browsing-the-web.html ( diff )
/history.html ( diff )
/iframe-embed-object.html ( diff )
/index.html ( diff )
/indices.html ( diff )
/infrastructure.html ( diff )
/origin.html ( diff )
/webappapis.html ( diff )
/window-object.html ( diff )
/workers.html ( diff )
/worklets.html ( diff )