230550 2021-09-21 05:50:31 -0700 Implement COEP:credentialless 2025-12-12 08:09:01 -0800 1 1 1 Unclassified WebKit Page Loading WebKit Nightly Build All All NEW InRadar P2 Enhancement --- 1 arthursonzogni webkit-unassigned agektmr annevk beidson cdumez dpaddock hypertree jacob kevin_neal leaden_story_0j martin.lundberg me webkit-bug-importer webkitbugzilla oldest_to_newest 1795520 0 arthursonzogni 2021-09-21 05:50:31 -0700 New feature request. Filling implementation bug, in order to land spec PR: - https://github.com/whatwg/html/pull/6638 - https://github.com/whatwg/fetch/pull/1229 Explainer: - https://github.com/WICG/credentiallessness Request for position: - Chrome: https://groups.google.com/a/chromium.org/g/blink-dev/c/Zr9n9_LG7s4/m/4y-b481hBAAJ - Wekit: https://lists.webkit.org/pipermail/webkit-dev/2021-June/031898.html - Firefox: https://github.com/mozilla/standards-positions/issues/539 1795587 1 cdumez 2021-09-21 09:13:25 -0700 This adds a lot of complexity and seems to have quite a few pre-requisites (Private Network Access, ORB, anonymous iframes). I am not convinced it is worth the effort at the moment. 1795591 2 arthursonzogni 2021-09-21 09:27:46 -0700 Yes, that's totally understandable ;-) Note that anonymous iframe is not a prerequisite. 1795608 3 webkit-bug-importer 2021-09-21 09:47:14 -0700 <rdar://problem/83355925> 1944677 4 hypertree 2023-03-28 10:25:31 -0700 From Firefox commit it does not seem like that much work. https://bugzilla.mozilla.org/show_bug.cgi?id=1731778 Neither Firefox nor Google had PAN (Personal Network Access) or ORB implemented but they shipped because this is something of tremendous value. As coep: required-corp is implemented today - its too restrictive and you lose many features like third party payment (say Stripe), or Zendesk Help plugins. So without credentialless: the choice is between SharedArayBuffer (SAB)/PTHREADS and core site functions. And SAB/PTHREADS loses - which is unfortunate. To me all the great work done on SAB/THREADS in Safari of not much help without credentialless. 1954036 5 hypertree 2023-05-09 07:42:54 -0700 Please note this does not just block SharedArraybuffer/Atotmics/Pthreads - even Origin Private Filesystem (OPFS) can not be used without this header (unless off-course you are happy with coep: required-corp). Not having OPFS especially is an obstacle (no offline SQLite etc. - you need unlimited amount of memory) Please consider this a priority. Thank you. 2086486 6 jacob 2025-01-10 15:40:31 -0800 Hi there, any update on this issue? I work on a complex web app that, and we would love to start using SharedArrayBuffer but cannot use `require-corp` without breaking loading of some other resources. Some reasons that this feature is needed are described quite thoroughly in this blog post (which is now ~3 years old): https://blog.stackblitz.com/posts/cross-browser-with-coop-coep/