- From: Arthur Sonzogni <notifications@github.com>
- Date: Wed, 27 Jul 2022 02:14:56 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/742/1196473390@github.com>
For this use case in particular, I will ask them to reply directly here. My recollection is that for publishers who want to continue monetizing their site and use [SharedArrayBuffers](https://web.dev/coop-coep/), they have no choice other than registering to the [reverse origin trial](https://developer.chrome.com/origintrials/#/view_trial/303992974847508481). It was meant to be temporary, we need to close it. If no solution is provided, they will be broken. We identified anonymous iframe as a solution. For ads, knowing if COEP is enabled allows to know beforehand the <iframe> will be blocked by COEP, and use anonymous iframe as an alternative. If COEP reflection is canceled here, I see those alternatives: 1. Use anonymous iframe unconditionally. This is almost similar to getting a stronger version of [storage partitioning](https://privacycg.github.io/storage-partitioning/) in advance + losing autofill + losing popups with opener. There might be also some performance cost due to additional partitioning. I am not sure they can afford it. 2. Use the polyfill described above. Issues are delay and noises in devtools/reports. 3. Using `window.crossOriginIsolated` as a proxy for `window.crossOriginEmbedderPolicy`. Publisher using COEP without COOP would be left without a solution. 4. Ask individual publisher to expose their COEP state to the ads script. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/742#issuecomment-1196473390 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/742/1196473390@github.com>
Received on Wednesday, 27 July 2022 09:15:09 UTC