Re: [w3ctag/design-reviews] Anonymous iframes (#639)

Hi @hadleybeeman!

I have put together another [doc](https://github.com/camillelamy/explainers/blob/main/cross-origin-isolation-deployment.md) explaining the wider problems we are facing with crossOriginIsolation. To sum it up: developers that currently use SharedArrayBuffers on Chrome need to migrate to crossOriginIsolation or risk losing access to SABs and having their websites stop functioning. The migration to crossOriginIsolation is hard, in particular deploying COEP. COEP requires every single embedded frame to have deployed COEP to load or be blocked. This is particularly complex when embedding legacy content. This proposal tackles this issue by adding an attribute on iframes that waives the COEP deployment requirement in exchange for additional restrictions on the frame. This way sites that are currently using SABs and have legacy/arbitrary 3rd party content can keep functioning. Real-world examples are Google Earth or any site using both SABs and Google Ads, for example.

We know that there are other proposals around iframes going on, [Fenced Frames](https://github.com/shivanigithub/fenced-frame) for example. We have been looking at the interaction between Fenced Frames and our proposal, and we'd be happy to discuss our conclusions and look at the interaction with other iframe-related proposals.

I have also updated the Security and Privacy questionnaire. However, I'd like to point out that many of the questions are yes/no questions, so there often aren't that many more details to give beyond "no, the feature is not doing that".

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/639#issuecomment-891831275

Received on Tuesday, 3 August 2021 13:07:20 UTC