Skip to content

Commit

Permalink
Update window.anonymous to window.isAnonymouslyFramed
Browse files Browse the repository at this point in the history 
As discussed in WICG/anonymous-iframe#1, we updated the name of the attribute to `window.isAnonymouslyFramed`.
TODO(lyf): update the image.
  • Loading branch information
@iVanlIsh
iVanlIsh authored May 6, 2022
1 parent ba70ae1 commit 70378d1
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions anonymous_iframes.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

- **Author**: [email protected], [email protected]
- **Created**: 2021-05-06
- **Last Updated**: 2021-11-10
- **Last Updated**: 2022-05-06

## Table of content
- [A problem](#a-problem)
Expand Down Expand Up @@ -78,7 +78,7 @@ In parallel with the iframe attribute, we plan to add a new Fetch Metadata heade
* `Sec-Fetch-COEP: credentialless`: the resource will be rendered in a context with a COEP of credentialless.
* `Sec-Fetch-COEP: anonymous`: the resource will be rendered in an anonymous iframe.

Additionally, we plan on adding a `window.anonymous` read-only attribute. By
Additionally, we added a `window.isAnonymouslyFramed` read-only attribute. By
default, this will return `false`. In anonymous iframes it will return `true`,
allowing a document to check whether it was loaded in an anonymous iframe.

Expand Down Expand Up @@ -198,7 +198,7 @@ This solution runs into compatibility issues:

#### What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?

The `Sec-Fetch-COEP` header exposes the COEP of the environment a resource will be rendered in. This allows a server to decline answering a request if they do not want their resource to be embedded in a more dangerous environment. The `window.anonymous` method exposes whether a document is loaded in an anonymous iframe or not, allowing a document to change its behavior depending on the availability of existing credentials or stored resources.
The `Sec-Fetch-COEP` header exposes the COEP of the environment a resource will be rendered in. This allows a server to decline answering a request if they do not want their resource to be embedded in a more dangerous environment. The `window.isAnonymouslyFramed` method exposes whether a document is loaded in an anonymous iframe or not, allowing a document to change its behavior depending on the availability of existing credentials or stored resources.

#### Do features in your specification expose the minimum amount of information necessary to enable their intended uses?

Expand Down

0 comments on commit 70378d1

Please sign in to comment.