Re: [w3ctag/design-reviews] COEP reflection (Issue #742)

Hey @hadleybeeman and @atanassov!

This feature (like [`Window.isSecureContext`](https://html.spec.whatwg.org/multipage/webappapis.html#dom-issecurecontext-dev), [`Window.crossOriginIsolated`](https://html.spec.whatwg.org/multipage/webappapis.html#dom-crossoriginisolated-dev), and [`Document.permissionsPolicy`](https://www.w3.org/TR/permissions-policy-1/#dom-document-permissionspolicy), etc.) aims to provide a page's author with information about the security properties a given page has opted into. These properties govern certain subtle aspects of the page's behavior, and potentially impose requirements on resources the page attempts to embed. @ArthurSonzogni's explainer lays out a few of those potential decision points in the "[Motivating Use Cases](https://github.com/ArthurSonzogni/coep-reflection#motivating-use-cases)" section.

While I appreciate your laser-focus on the end user, this feature's impact on the users' experience is quite attenuated, as it aims to provide developers with information that helps them construct a page in a reasonable way by understanding the constraints within which they're working. This is particularly relevant for libraries, ads, widgets, etc. that need to function correctly in a wide range of environments, but it's certainly also useful for authors aiming to gradually migrate towards more secure setups, such that they might be responsible both for pages that assert a COEP, and pages that don't.

Does that help?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/742#issuecomment-1184104009

Message ID: <w3ctag/design-reviews/issues/742/1184104009@github.com>

Received on Thursday, 14 July 2022 07:38:33 UTC