Summary: | Implement COEP:credentialless | ||
---|---|---|---|
Product: | WebKit | Reporter: | Arthur Sonzogni <arthursonzogni> |
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW --- | ||
Severity: | Enhancement | CC: | agektmr, annevk, beidson, cdumez, dpaddock, hypertree, kevin_neal, leaden_story_0j, webkit-bug-importer |
Priority: | P2 | Keywords: | InRadar |
Version: | WebKit Nightly Build | ||
Hardware: | All | ||
OS: | All |
Description
Arthur Sonzogni
2021-09-21 05:50:31 PDT
This adds a lot of complexity and seems to have quite a few pre-requisites (Private Network Access, ORB, anonymous iframes). I am not convinced it is worth the effort at the moment. Yes, that's totally understandable ;-) Note that anonymous iframe is not a prerequisite. From Firefox commit it does not seem like that much work. https://bugzilla.mozilla.org/show_bug.cgi?id=1731778 Neither Firefox nor Google had PAN (Personal Network Access) or ORB implemented but they shipped because this is something of tremendous value. As coep: required-corp is implemented today - its too restrictive and you lose many features like third party payment (say Stripe), or Zendesk Help plugins. So without credentialless: the choice is between SharedArayBuffer (SAB)/PTHREADS and core site functions. And SAB/PTHREADS loses - which is unfortunate. To me all the great work done on SAB/THREADS in Safari of not much help without credentialless. Please note this does not just block SharedArraybuffer/Atotmics/Pthreads - even Origin Private Filesystem (OPFS) can not be used without this header (unless off-course you are happy with coep: required-corp). Not having OPFS especially is an obstacle (no offline SQLite etc. - you need unlimited amount of memory) Please consider this a priority. Thank you. |