Sure, done https://groups.google.com/a/chromium.org/g/blink-dev/c/V2exDBMXw3U
On Mon, Nov 21, 2022 at 2:45 PM Yoav Weiss <yoavwe...@chromium.org> wrote: > Apologies for missing this! Can you send a new email with an extension > request, so that this will get properly tracked by our tooling? Thanks!! > > On Mon, Nov 21, 2022 at 2:43 PM Lutz Vahl <v...@chromium.org> wrote: > >> gentle ping. Any feedback on the request or are we good to extend? >> >> On Wed, Nov 9, 2022 at 7:12 PM Lutz Vahl <v...@chromium.org> wrote: >> >>> Hello API owners, >>> >>> With the branch cut around the corner, I'm happy to present the progress >>> made: >>> >>> Summary >>> >>> ‘SharedArrayBuffers’ (SABs) on desktop platforms are restricted to >>> cross-origin isolated environments, matching the behavior we've recently >>> shipped on Android and Firefox. We've performed that change in Chrome 92. A >>> reverse OT was started to give developers the option to use SABs in case >>> they are not able to adopt cross origin isolation yet. >>> >>> Updates >>> >>> We’ve received lots of feedback that adopting COOP/COEP is difficult >>> (details above). Nevertheless we made substantial progress towards removing >>> the usage - Chromestatus is showing that SABs in non-COI context are being >>> used on ~0.027% >>> <https://chromestatus.com/metrics/feature/timeline/popularity/3721> >>> page loads (down from >2.5%). >>> >>> The API owners asked to prove substantial progress to allow an extension >>> until M113 (aimed OT start of the last feature), which I’m happy to >>> share. >>> >>> Once we’ve started the COOP:RP OT I’ll come back to this thread sharing >>> feedback and the final deprecation timeline. >>> >>> >>> 1. >>> >>> *COEP:credentialless <https://github.com/WICG/credentiallessness> - >>> https://crbug.com/1218896 <https://crbug.com/1218896>* >>> >>> COEP:credentialless was shipped in M96. (Adoption is already increasing >>> to 0.0032% >>> <https://chromestatus.com/metrics/feature/popularity#CrossOriginEmbedderPolicyCredentialless> >>> of main pages) >>> >>> >>> 1. >>> >>> *COOP: restrict-properties >>> >>> <https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md> >>> - launch bug >>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1347385> - I2E >>> >>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/JrMX5H2PX_o/m/JipeWijACAAJ>* >>> >>> Developers who depend on pop ups to 3P for e.g. identity or payment >>> flows can’t currently deploy cross-origin-isolation. To allow >>> crossOriginIsolated pages to use popup-based OAuth/payment flows, we plan >>> to have a new COOP value: “restrict-properties” that enables >>> crossOriginIsolation when used in conjunction with COEP. This new value >>> restricts cross-window access to just postMessage and closed instead of >>> completely severing popup access. >>> >>> Spec work is ongoing (see discussion >>> <https://github.com/whatwg/html/issues/6364>, and previous iteration PR >>> <https://github.com/whatwg/html/pull/7783>) and requires partners input >>> to convince others that it is the correct solution. Initial design and >>> implementation met some issues and we got back to the design stage after >>> missing the OT in 109. We are iterating on it with support from Chrome >>> Security Architecture. See the design doc >>> <https://docs.google.com/document/d/1qXlC6HZXd6UDokI8_cHYAVaXhHop0Ia6-z3fZl6saX8/edit> >>> and this discussion doc >>> <https://docs.google.com/document/d/1gJNFK_hOhQ-nbrAVi5QvoS32QOutOR1IrXHLWIjade4/edit> >>> for details. We are now planning to have an OT in early 2022. Other vendors >>> and TAG need to be queried again for standardization once the new design is >>> considered good, but that is not required to start the OT, since feedback >>> will very likely have influence. This feature is the last puzzle piece to >>> make COI adoption possible across various use cases. >>> >>> >>> >>> 1. >>> >>> *Anonymous iframes <https://github.com/WICG/anonymous-iframe> - >>> launch bug <https://crbug.com/1342928> - I2P >>> >>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/CjrLTguZuO4/m/kEO65RvCAAAJ> >>> - I2E >>> >>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/-7H19EHTenU/m/oWfFm21eAAAJ> >>> - I2S >>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/twjmdCcfHYM>* >>> >>> Anonymous iframes are a generalization of COEP credentialless to support >>> 3rd party iframes. Instead of waiting for the third party to opt-in into >>> COEP, it allows the embedder to load the public version of iframe without >>> requiring COEP. The anonymous iframe’s document is assigned a new and >>> ephemeral storage/network/cookie partition. >>> >>> The Anonymous iframes <https://github.com/WICG/anonymous-iframe> OT >>> started in M106 and we’ve received positive >>> <https://docs.google.com/document/d/1WzOrxIQnq9sTFkou9P8GshrQSeyO3MBdSvYqJjP410Q/edit#bookmark=id.cm0t44nhlzwt> >>> feedback from developers. We would like to address issue/5 >>> <https://github.com/WICG/anonymous-iframe/issues/5> and enable the >>> feature in M110 >>> >>> The spec: >>> https://wicg.github.io/anonymous-iframe/#specification (PRs: 1 >>> <https://github.com/whatwg/html/pull/7695>,2 >>> <https://github.com/whatwg/fetch/pull/1416>,3 >>> <https://github.com/whatwg/storage/pull/139>) >>> >>> >>> Cheers, >>> Lutz >>> >>> On Mon, Aug 1, 2022 at 2:57 PM Lutz Vahl <v...@chromium.org> wrote: >>> >>>> Thanks, sure I'll come back before the M1909 branch cut to present >>>> progress if needed. See you soon :) >>>> >>>> On Mon, Aug 1, 2022 at 2:44 PM Yoav Weiss <yoavwe...@chromium.org> >>>> wrote: >>>> >>>>> Given the evidence you presented, which shows significant progress, >>>>> LGTM to experiment until M109 inclusive. >>>>> >>>>> Please come back to this thread (with any future progress) if further >>>>> extensions are needed. >>>>> >>>>> Cheers :) >>>>> Yoav >>>>> >>>>> On Mon, Aug 1, 2022 at 2:17 PM Lutz Vahl <v...@chromium.org> wrote: >>>>> >>>>>> Yes, we've asked in the past already for M113 but it was only >>>>>> approved to M106 (including) until now. >>>>>> Thus I've shared the progress made until now and the outlook. >>>>>> >>>>>> Cheers, >>>>>> Lutz >>>>>> >>>>>> Yoav Weiss <yoavwe...@chromium.org> schrieb am Mo., 1. Aug. 2022, >>>>>> 13:57: >>>>>> >>>>>>> If I'm reading the past thread comments correctly, the OT extension >>>>>>> was approved until M106 (inclusive). Is that correct? >>>>>>> >>>>>>> On Thu, Jul 28, 2022 at 5:36 PM Lutz Vahl <v...@chromium.org> wrote: >>>>>>> >>>>>>>> HI all, >>>>>>>> >>>>>>>> coming back to this thread as discussed a while back. >>>>>>>> >>>>>>>> Summary >>>>>>>> >>>>>>>> ‘SharedArrayBuffers’ (SABs) on desktop platforms are restricted to >>>>>>>> cross-origin isolated environments, matching the behavior we've >>>>>>>> recently >>>>>>>> shipped on Android and Firefox. We've performed that change in Chrome >>>>>>>> 92. A >>>>>>>> reverse OT was started to give developers the option to use SABs in >>>>>>>> case >>>>>>>> they are not able to adopt cross origin isolation yet. >>>>>>>> >>>>>>>> Updates >>>>>>>> >>>>>>>> We’ve received lots of feedback that adopting COOP/COEP is >>>>>>>> difficult (details above). Nevertheless we made substantial progress >>>>>>>> towards removing the usage - Chromestatus is showing that SABs in >>>>>>>> non-COI >>>>>>>> context are being used on ~0.026% >>>>>>>> <https://chromestatus.com/metrics/feature/timeline/popularity/3721> >>>>>>>> page loads (down from >2.5%). >>>>>>>> >>>>>>>> The API owners asked to prove substantial progress to allow an >>>>>>>> extension until M113 (3x MS after shipping the last feature), >>>>>>>> which I’m happy to share: >>>>>>>> >>>>>>>> >>>>>>>> 1. >>>>>>>> >>>>>>>> COEP:credentialless <https://github.com/WICG/credentiallessness> >>>>>>>> - https://crbug.com/1218896 >>>>>>>> >>>>>>>> COEP:credentialless was shipped in M96. (Adoption is already >>>>>>>> increasing to 0.025% >>>>>>>> <https://chromestatus.com/metrics/feature/popularity#CrossOriginEmbedderPolicyCredentialless> >>>>>>>> of main pages) >>>>>>>> >>>>>>>> >>>>>>>> 1. >>>>>>>> >>>>>>>> COOP: restrict-properties >>>>>>>> >>>>>>>> <https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md> >>>>>>>> - launch bug >>>>>>>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1347385> >>>>>>>> - I2E >>>>>>>> >>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/JrMX5H2PX_o/m/JipeWijACAAJ> >>>>>>>> >>>>>>>> Developers who depend on popups to 3P for e.g. identity or payment >>>>>>>> flows can’t currently deploy cross-origin-isolation. To allow >>>>>>>> crossOriginIsolated pages to use popup-based OAuth/payment flows, we >>>>>>>> plan >>>>>>>> to have a new COOP value: “restrict-properties” that enables >>>>>>>> crossOriginIsolation when used in conjunction with COEP. This new value >>>>>>>> restricts cross-window access to just postMessage and closed instead of >>>>>>>> completely severing popup access. >>>>>>>> >>>>>>>> Spec work is ongoing (see discussion >>>>>>>> <https://github.com/whatwg/html/issues/6364>, and previous >>>>>>>> iteration PR <https://github.com/whatwg/html/pull/7783>) and >>>>>>>> requires partners input to convince Mozilla that it is the correct >>>>>>>> solution, ENG work is ongoing and we’re targeting M106 for OT and M110 >>>>>>>> to >>>>>>>> ship. >>>>>>>> >>>>>>>> >>>>>>>> 1. >>>>>>>> >>>>>>>> Anonymous iframes <https://github.com/WICG/anonymous-iframe> >>>>>>>> and COEP reflection - launch bug <https://crbug.com/1342928> - >>>>>>>> I2P >>>>>>>> >>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/CjrLTguZuO4/m/kEO65RvCAAAJ> >>>>>>>> - I2E >>>>>>>> >>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/-7H19EHTenU/m/oWfFm21eAAAJ> >>>>>>>> >>>>>>>> Anonymous iframes are a generalization of COEP credentialless to >>>>>>>> support 3rd party iframes that may not deploy COEP. Like with COEP >>>>>>>> credentialless, we replace the opt-in of cross-origin subresources by >>>>>>>> avoiding to load non-public resources. This will remove the constraint >>>>>>>> and >>>>>>>> will unblock developers to adopt cross-origin-isolation as soon as >>>>>>>> they’re >>>>>>>> embedding 3P iframes. >>>>>>>> >>>>>>>> Based on the progress made for storage partitioning and CHIPs, >>>>>>>> which are needed to safely ship Anonymous iframes, we’re unblocked to >>>>>>>> start >>>>>>>> the OT in M106 and the rollout in Q3 2022 (M110). >>>>>>>> >>>>>>>> The spec: >>>>>>>> >>>>>>>> https://wicg.github.io/anonymous-iframe/#specification (PRs: 1 >>>>>>>> <https://github.com/whatwg/html/pull/7695>,2 >>>>>>>> <https://github.com/whatwg/fetch/pull/1416>,3 >>>>>>>> <https://github.com/whatwg/storage/pull/139>) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> PLMK if we can extend the OT until M113. Thanks. >>>>>>>> >>>>>>>> On Wed, May 11, 2022 at 8:08 PM Chris Harrelson < >>>>>>>> chris...@chromium.org> wrote: >>>>>>>> >>>>>>>>> Reusing this thread would be totally fine. >>>>>>>>> >>>>>>>>> On Wed, May 11, 2022, 11:29 AM Lutz Vahl <v...@chromium.org> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Great, thanks Chris. >>>>>>>>>> I'll report back in the next months. Shall I use this thread to >>>>>>>>>> do so or kick off a new one - any preferences? >>>>>>>>>> >>>>>>>>>> On Tue, May 10, 2022 at 11:09 PM Chris Harrelson < >>>>>>>>>> chris...@chromium.org> wrote: >>>>>>>>>> >>>>>>>>>>> LGTM to experiment for 3 additional milestones. I think this >>>>>>>>>>> counts for sure as substantial progress. >>>>>>>>>>> >>>>>>>>>>> Thank you for all the useful information and your dedication to >>>>>>>>>>> doing right by the web and partner developers! >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Fri, May 6, 2022 at 5:58 AM 'Arthur Hemery' via blink-dev < >>>>>>>>>>> blink-dev@chromium.org> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi everyone I just wanted to chime in as the current owner of >>>>>>>>>>>> the COI with popups effort. Spec discussions have been extremely >>>>>>>>>>>> long <https://github.com/whatwg/html/issues/6364> since the >>>>>>>>>>>> topic is complex and other vendors don't have the same incentive, >>>>>>>>>>>> since >>>>>>>>>>>> they've completely disabled SAB. We're working hard on making this >>>>>>>>>>>> move >>>>>>>>>>>> forward but some of it is out of our control. We're doing as much >>>>>>>>>>>> implementation work in advance as possible, so that once we agree >>>>>>>>>>>> with >>>>>>>>>>>> Firefox it goes promptly. >>>>>>>>>>>> >>>>>>>>>>>> PS: If you're working on a website that currently uses the >>>>>>>>>>>> reverse OT because it needs to interact with popups, feel free to >>>>>>>>>>>> reach out >>>>>>>>>>>> to me personally about your thoughts on the current proposal >>>>>>>>>>>> <https://github.com/hemeryar/explainers/blob/main/coop_restrict_properties.md>. >>>>>>>>>>>> Getting developers feedback will help make it move faster! >>>>>>>>>>>> >>>>>>>>>>>> On Friday, May 6, 2022 at 10:29:45 AM UTC+2 va...@chromium.org >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi API owners, >>>>>>>>>>>>> >>>>>>>>>>>>> CIL. >>>>>>>>>>>>> PLMK in case you've additional questions. >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, May 4, 2022 at 6:41 PM Chris Harrelson < >>>>>>>>>>>>> chri...@chromium.org> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> The API owners met today and discussed this Intent. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Overall, I'd summarize as saying that I think the API owners >>>>>>>>>>>>>> would only be comfortable extending the origin trial by 3 >>>>>>>>>>>>>> milestones at >>>>>>>>>>>>>> this time. (We have not yet approved that extension however; >>>>>>>>>>>>>> first I'd like >>>>>>>>>>>>>> to wait for an answer to the followup question inline below). >>>>>>>>>>>>>> >>>>>>>>>>>>> Happy to report back after the M106 branch point if we were >>>>>>>>>>>>> able to start the OTs of Anonymous iframes and COI+popups. We'll >>>>>>>>>>>>> not be >>>>>>>>>>>>> able to report any impact of the use counters on stable at that >>>>>>>>>>>>> time. >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> After that time, if you wish to extend it further, you'll >>>>>>>>>>>>>> need to show substantial additional progress >>>>>>>>>>>>>> <https://www.chromium.org/blink/launching-features/#step-3-optional-origin-trial> >>>>>>>>>>>>>> towards shipping. For me, substantial progress could include "we >>>>>>>>>>>>>> rolled out >>>>>>>>>>>>>> more of the mechanisms to make it easy to migrate", "the number >>>>>>>>>>>>>> of reverse >>>>>>>>>>>>>> OT participants dropped substially", or "the use counter and >>>>>>>>>>>>>> list of sites >>>>>>>>>>>>>> at risk reduced substantially". >>>>>>>>>>>>>> >>>>>>>>>>>>> In the current OT time frame we've shipped COEP:credentialless >>>>>>>>>>>>> - so there was substantial progress made. Nevertheless two pieces >>>>>>>>>>>>> are still >>>>>>>>>>>>> missing to make the adoption possible in all cases where we're >>>>>>>>>>>>> working on >>>>>>>>>>>>> finalizing the spec and the implementations. +Camille Lamy Is >>>>>>>>>>>>> able to share more about the complexities involved and why this >>>>>>>>>>>>> is taking >>>>>>>>>>>>> so long. >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Apr 27, 2022 at 9:27 AM Lutz Vahl <va...@chromium.org> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Apr 27, 2022 at 5:14 PM Chris Harrelson < >>>>>>>>>>>>>>> chri...@chromium.org> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Wed, Apr 27, 2022 at 6:04 AM Lutz Vahl < >>>>>>>>>>>>>>>> va...@chromium.org> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Contact emails >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> va...@chromium.org cl...@chromium.org >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Explainer >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Specification >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Design docs Including the new security requirements >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Discussion how and what to gate >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://github.com/whatwg/html/issues/4732 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Summary >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ‘SharedArrayBuffers’ (SABs) on desktop platforms are >>>>>>>>>>>>>>>>> restricted to cross-origin isolated environments, matching >>>>>>>>>>>>>>>>> the behavior >>>>>>>>>>>>>>>>> we've recently shipped on Android and Firefox. We've >>>>>>>>>>>>>>>>> performed that change >>>>>>>>>>>>>>>>> in Chrome 92. A reverse OT was started to give developers the >>>>>>>>>>>>>>>>> option to use >>>>>>>>>>>>>>>>> SABs in case they are not able to adopt cross origin >>>>>>>>>>>>>>>>> isolation yet. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> We’ve received lot’s of feedback that adopting COOP/COEP >>>>>>>>>>>>>>>>> is hard (details below). Therefore I’m asking for your >>>>>>>>>>>>>>>>> approval to extend >>>>>>>>>>>>>>>>> the SAB reverse OT again from M103 until M113 (branch >>>>>>>>>>>>>>>>> point 2023-03-23). This is an estimation - Can we come >>>>>>>>>>>>>>>>> back to y'all in 6 months with a report on progress and usage >>>>>>>>>>>>>>>>> to justify >>>>>>>>>>>>>>>>> that extension and agree on the final milestone? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Experimental timeline / plan for all new capabilities >>>>>>>>>>>>>>>>> needed to replace the OT >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The SAB restriction in M92 went smoothly without any major >>>>>>>>>>>>>>>>> issues in the wild because we offered the reverse OT. We’ve >>>>>>>>>>>>>>>>> received lots >>>>>>>>>>>>>>>>> of feedback that adopting COOP/COEP is hard and sometimes >>>>>>>>>>>>>>>>> impossible. >>>>>>>>>>>>>>>>> Therefore the reverse OT is currently the only way to enable >>>>>>>>>>>>>>>>> SABs for some >>>>>>>>>>>>>>>>> sites within Chromium. Chromestatus is showing that SABs in >>>>>>>>>>>>>>>>> none COI >>>>>>>>>>>>>>>>> context are being used on ~0.36% >>>>>>>>>>>>>>>>> <https://chromestatus.com/metrics/feature/popularity#V8SharedArrayBufferConstructedWithoutIsolation> >>>>>>>>>>>>>>>>> page loads. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> This seems off by a factor of 10. The real number seems to >>>>>>>>>>>>>>>> be 0.036% or so >>>>>>>>>>>>>>>> <https://chromestatus.com/metrics/feature/timeline/popularity/3721>, >>>>>>>>>>>>>>>> right? Can you highlight why it's important to extend for 10 >>>>>>>>>>>>>>>> more >>>>>>>>>>>>>>>> milestones for such a small percentage of traffic? Will the >>>>>>>>>>>>>>>> sites in >>>>>>>>>>>>>>>> question completely break for some reason, or just behave the >>>>>>>>>>>>>>>> same as in >>>>>>>>>>>>>>>> non-chromium browsers? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> That's on me: 0.036% >>>>>>>>>>>>>>> <https://chromestatus.com/metrics/feature/timeline/popularity/3721> >>>>>>>>>>>>>>> is >>>>>>>>>>>>>>> correct! >>>>>>>>>>>>>>> Some sites use SAB to gain extra performance on chromium >>>>>>>>>>>>>>> based browsers in some cases 3P content is using SABs. Some >>>>>>>>>>>>>>> might work >>>>>>>>>>>>>>> without the OT others will break based on how they identify >>>>>>>>>>>>>>> their code path >>>>>>>>>>>>>>> to be used. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The list of OT registrations is ~500 and most of them >>>>>>>>>>>>>>> mentioned to be blocked by 3Ps to deploy COOP+COEP broadly. >>>>>>>>>>>>>>> We're happy to extend the OT to give them time to adopt. Do >>>>>>>>>>>>>>> you (and/or other API owners) think this is not required based >>>>>>>>>>>>>>> on the low >>>>>>>>>>>>>>> usage? >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks for this information. Can you also share some examples >>>>>>>>>>>>>> of specific sites you're concerned about breaking and how they >>>>>>>>>>>>>> would break? >>>>>>>>>>>>>> >>>>>>>>>>>>> I've shared Zoom and Google Earth already in the original >>>>>>>>>>>>> post. The breakage is based on a performance drop in case >>>>>>>>>>>>> pThreads are not >>>>>>>>>>>>> available any more. Therefore the page (or parts of it) came >>>>>>>>>>>>> unusable. >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> To overcome this limitation and make adoption possible >>>>>>>>>>>>>>>>> more broadly (public feedback >>>>>>>>>>>>>>>>> <https://github.com/WICG/proposals/issues/53>), we’re >>>>>>>>>>>>>>>>> working on multiple solutions >>>>>>>>>>>>>>>>> <https://github.com/camillelamy/explainers/blob/main/cross-origin-isolation-deployment.md> >>>>>>>>>>>>>>>>> (all shared timelines are WIP): >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 1. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> COEP:credentialless >>>>>>>>>>>>>>>>> <https://github.com/WICG/credentiallessness> - >>>>>>>>>>>>>>>>> https://crbug.com/1218896 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> COEP:credentialless causes no-cors cross-origin requests >>>>>>>>>>>>>>>>> not to include >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> credentials (cookies, client certificates, etc...). >>>>>>>>>>>>>>>>> Similarly to require-corp, it can be used to enable >>>>>>>>>>>>>>>>> cross-origin-isolation. >>>>>>>>>>>>>>>>> Some developers are blocked on a set of dependencies which >>>>>>>>>>>>>>>>> don't yet assert >>>>>>>>>>>>>>>>> that they're safe to embed in cross-origin isolated >>>>>>>>>>>>>>>>> environments. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> This mechanism was shipped in M96. (Adoption is already at >>>>>>>>>>>>>>>>> 0.02% >>>>>>>>>>>>>>>>> <https://chromestatus.com/metrics/feature/popularity#CrossOriginEmbedderPolicyCredentialless> >>>>>>>>>>>>>>>>> of main pages) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 1. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> COI+popups (formally: COOP >>>>>>>>>>>>>>>>> same-origin-allow-popups-plus-coep >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <https://github.com/camillelamy/explainers/blob/main/coi-with-popups.md> >>>>>>>>>>>>>>>>> ) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> To allow crossOriginIsolated pages to use popup-based >>>>>>>>>>>>>>>>> OAuth/payment flows, we plan to have COOP >>>>>>>>>>>>>>>>> same-origin-allow-popups enable >>>>>>>>>>>>>>>>> crossOriginIsolation when used in conjunction with COEP. >>>>>>>>>>>>>>>>> Developers who >>>>>>>>>>>>>>>>> depend on popups to 3P for e.g. identity or payment flows >>>>>>>>>>>>>>>>> can’t currently >>>>>>>>>>>>>>>>> deploy cross-origin-isolation. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Spec work is ongoing and we’re targeting Q2 2022 for the >>>>>>>>>>>>>>>>> OT and Q3 for the shipping. As soon as the spec is defined, >>>>>>>>>>>>>>>>> we’ll kick off >>>>>>>>>>>>>>>>> the intent process. Without this all sites need to migrate to >>>>>>>>>>>>>>>>> FedCM and >>>>>>>>>>>>>>>>> WebPayment for their flows to be able to use SABs. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 1. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Anonymous iframes >>>>>>>>>>>>>>>>> <https://github.com/WICG/anonymous-iframe> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Anonymous iframes are a generalization of COEP >>>>>>>>>>>>>>>>> credentialless to support 3rd party iframes that may not >>>>>>>>>>>>>>>>> deploy COEP. Like >>>>>>>>>>>>>>>>> with COEP credentialless, we replace the opt-in of >>>>>>>>>>>>>>>>> cross-origin >>>>>>>>>>>>>>>>> subresources by avoiding to load non-public resources. This >>>>>>>>>>>>>>>>> will remove the >>>>>>>>>>>>>>>>> constraint and will unblock developers to adopt >>>>>>>>>>>>>>>>> cross-origin-isolation as >>>>>>>>>>>>>>>>> soon as they’re embedding 3P iframes. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Based on the progress made for storage partitioning and >>>>>>>>>>>>>>>>> CHIPs, which are needed to safely ship Anonymous iframes, >>>>>>>>>>>>>>>>> we’re aiming to >>>>>>>>>>>>>>>>> start the OT in Q2 2022 (M106) and the rollout in Q3 2022 >>>>>>>>>>>>>>>>> (M110). >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Blink component >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Blink>JavaScript >>>>>>>>>>>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EJavaScript> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Search tags >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> SharedArrayBuffer >>>>>>>>>>>>>>>>> <https://chromestatus.com/features#tags:SharedArrayBuffer> >>>>>>>>>>>>>>>>> , SAB <https://chromestatus.com/features#tags:SAB> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> TAG review >>>>>>>>>>>>>>>>> https://github.com/w3ctag/design-reviews/issues/471 >>>>>>>>>>>>>>>>> TAG review statusClosed >>>>>>>>>>>>>>>>> RisksInteroperability and Compatibility >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> We expect this change to negatively impact developers >>>>>>>>>>>>>>>>> using `SharedArrayBuffer` today. Chrome was the only platform >>>>>>>>>>>>>>>>> where SABs >>>>>>>>>>>>>>>>> have been available without COOP/COEP. Therefore we need to >>>>>>>>>>>>>>>>> give developers >>>>>>>>>>>>>>>>> the right capabilities and a clear path forward to ensure >>>>>>>>>>>>>>>>> they’ve enough >>>>>>>>>>>>>>>>> time to adopt. We aim to mitigate these risks by adopting a >>>>>>>>>>>>>>>>> longer-than-usual depreciation period with console >>>>>>>>>>>>>>>>> warnings/issues and a >>>>>>>>>>>>>>>>> reverse origin trial. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Good news is usage is down to ~0.36% >>>>>>>>>>>>>>>>> <https://chromestatus.com/metrics/feature/popularity#V8SharedArrayBufferConstructedWithoutIsolation> >>>>>>>>>>>>>>>>> page loads and that other browsers have or are shipping >>>>>>>>>>>>>>>>> SABs again gated behind COOP/COEP. Bad news is that Chromium >>>>>>>>>>>>>>>>> was the only >>>>>>>>>>>>>>>>> browser that supported SABs without COI, therefore we need to >>>>>>>>>>>>>>>>> provide a >>>>>>>>>>>>>>>>> migration path to not break existing sites such as Zoom or >>>>>>>>>>>>>>>>> Google Earth. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Gecko: Shipped/Shipping ( >>>>>>>>>>>>>>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1312446) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> WebKit: Added COOP/COEP and SAB support recently gated >>>>>>>>>>>>>>>>> behind COOP/COEP >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Will this feature be supported on all six Blink platforms >>>>>>>>>>>>>>>>> (Windows, Mac, Linux, Chrome OS, Android, and Android >>>>>>>>>>>>>>>>> WebView)? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> No - This OT is only for desktop, as this was the only >>>>>>>>>>>>>>>>> platform where SABs have been available without COOP/COEP. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Android re-enabled SABs gated behind COOP/COEP: >>>>>>>>>>>>>>>>> https://chromestatus.com/feature/5171863141482496 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Tracking bug >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1144104 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Launch bug >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1138860 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Blink-dev Thread >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Planning isolation requirements (COOP/COEP) for >>>>>>>>>>>>>>>>> SharedArrayBuffer >>>>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg/m/QzWOGv7pAQAJ> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I2S >>>>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/1NKvbIj3dq4/m/nLcgUst-BQAJ> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Link to entry on the Chrome Platform Status >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://chromestatus.com/feature/4570991992766464 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> You received this message because you are subscribed to >>>>>>>>>>>>>>>>> the Google Groups "blink-dev" group. >>>>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails >>>>>>>>>>>>>>>>> from it, send an email to blink-dev+...@chromium.org. >>>>>>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBN2JhcYtpT4UYKcAfHt1e0Wz_Uxz0CkXcAntguhbmyNCA%40mail.gmail.com >>>>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBN2JhcYtpT4UYKcAfHt1e0Wz_Uxz0CkXcAntguhbmyNCA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>>>>>>>>>> . >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>>>>>> Google Groups "blink-dev" group. >>>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails >>>>>>>>>>>>>>>> from it, send an email to blink-dev+...@chromium.org. >>>>>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_HkK7R3fA0pyGUm8MNjbqoBR54XrQZWKeD464qb6JNhA%40mail.gmail.com >>>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_HkK7R3fA0pyGUm8MNjbqoBR54XrQZWKeD464qb6JNhA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>>>>>>>>> . >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>>>> Google Groups "blink-dev" group. >>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>>>> it, send an email to blink-dev+...@chromium.org. >>>>>>>>>>>>>> >>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BN6QZsiRA7SaCapgRDnnGC7RNFZ82NRW_xadxOm4e0xNLJuNA%40mail.gmail.com >>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BN6QZsiRA7SaCapgRDnnGC7RNFZ82NRW_xadxOm4e0xNLJuNA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>>>>>>> . >>>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>> Google Groups "blink-dev" group. >>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>> it, send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/df3c52f6-d928-404f-9d92-740edba62502n%40chromium.org >>>>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/df3c52f6-d928-404f-9d92-740edba62502n%40chromium.org?utm_medium=email&utm_source=footer> >>>>>>>>>>>> . >>>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "blink-dev" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9dUzHffPmitk5iv%2BvKx03_6bmf9WUp6%2BKShMgyEY8xqw%40mail.gmail.com >>>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9dUzHffPmitk5iv%2BvKx03_6bmf9WUp6%2BKShMgyEY8xqw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "blink-dev" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBNs_nxh5pKgV_W2%3DNufRsrU_LA7CW-tso_0uJm3Aswy0g%40mail.gmail.com >>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBNs_nxh5pKgV_W2%3DNufRsrU_LA7CW-tso_0uJm3Aswy0g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "blink-dev" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw84WJS-Vt4S8%2BiRuHqZZaGaP58MCNCo3sCJoH%3DwxN%2BmBg%40mail.gmail.com >>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw84WJS-Vt4S8%2BiRuHqZZaGaP58MCNCo3sCJoH%3DwxN%2BmBg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "blink-dev" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBO1%3D_WbDvMZ9oWQV01MgQ0J272G0FqCvdmgcbTEr5U4Nw%40mail.gmail.com >>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBO1%3D_WbDvMZ9oWQV01MgQ0J272G0FqCvdmgcbTEr5U4Nw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWBZMRp%3DzYqC_%2Ba9BGD0%3D%2Bzi_1NUxd4MgFno7MSPG%2BzWA%40mail.gmail.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWBZMRp%3DzYqC_%2Ba9BGD0%3D%2Bzi_1NUxd4MgFno7MSPG%2BzWA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUTTamjCT0tg5S4wG2fVAJ06wGuMuap0GzurfHgzRqocg%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUTTamjCT0tg5S4wG2fVAJ06wGuMuap0GzurfHgzRqocg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWZqjxDfnOk8-dwcheJ%3D%2ByX1F_wf5xtP-OiigWAyZgfbQ%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWZqjxDfnOk8-dwcheJ%3D%2ByX1F_wf5xtP-OiigWAyZgfbQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBPgqH-OVgA5g3VU_uArq3JzOR6347p0YQ_WmkYHhqsnBA%40mail.gmail.com.
