WICG / anonymous-iframe

Give developers the ability to embed third party HTML documents inside a new and ephemeral context. In return, COEP embedding rules can be relaxed. Thanks to anonymous iframe, developers using COEP can now embed third party content that does not.

How could a credentialless iframe use BroadcastChannel? #15

Open annevk opened 1 year ago

annevk commented 1 year ago

Wouldn't that only allow talking to itself? Or it would construct an instance in its parent or something like that?

ArthurSonzogni commented 1 year ago

Iframe credentialless does not mention specifically BroadcastChannel, but the behavior is the consequence of partitioning all the storage APIs. The added nonce makes them scoped by the current top-level document. So at most, they can only speak with other same-origin iframe credentialless inside the same frame tree.

The main goal with the design of iframe credentialless is to ease adoption of COOP/COEP, so we wanted every API to continue to work and not throw errors. We wanted to avoid breaking framed documents. So the BroadcastChannel is quite useless, but still "usable".

annevk commented 1 year ago

Wait, I thought the nonce was per document? I guess that changed?

annevk commented 1 year ago

What was misleading to me was:

> It can also access data from storage APIs: [WebStorage], [IndexedDB], [web-sql], BroadcastChannel, SharedWorker, ServiceWorker, etc

It doesn't seem like it should be able to obtain any data really.

ArthurSonzogni commented 1 year ago

> Wait, I thought the nonce was per document? I guess that changed?

The nonce is indeed per document. Nothing changed.

> It doesn't seem like it should be able to obtain any data really.

The API won't throw errors, but the iframe credentialless will be very lonely. It can only talk to itself, or with a second iframe credentialless inside the same top-level document.
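The scoping described in the comment above, as an added example that is not part of the thread or of the specification: a simplified model in which a BroadcastChannel is keyed by (origin, nonce), with one nonce per top-level document. Every class and function name is hypothetical, and `https://widget.example` is a constructed origin.

```javascript
// Simplified model of the partitioning discussed in this thread; not browser code.
// All names are hypothetical. Assumption: storage key = (origin, nonce).
let nonceCounter = 0;
const channels = new Map(); // "storageKey|channelName" -> Set of subscribed contexts

class TopLevelDocument {
  constructor() {
    // One nonce per top-level document, shared by every credentialless iframe below it.
    // A counter stands in for the random value a browser would mint.
    this.nonce = `nonce-${++nonceCounter}`;
  }
  frame(label, origin, { credentialless = false } = {}) {
    // Ordinary (credentialed) documents carry no nonce in their storage key.
    return new Context(label, origin, credentialless ? this.nonce : null);
  }
}

class Context {
  constructor(label, origin, nonce) {
    Object.assign(this, { label, origin, nonce });
  }
  get storageKey() {
    return JSON.stringify([this.origin, this.nonce]);
  }
  subscribe(name) {
    const key = `${this.storageKey}|${name}`;
    if (!channels.has(key)) channels.set(key, new Set());
    channels.get(key).add(this);
    return this;
  }
  // Returns the labels of the contexts that would receive the message.
  broadcast(name) {
    const peers = channels.get(`${this.storageKey}|${name}`) ?? new Set();
    // The posting channel object does not receive its own message.
    return [...peers].filter((ctx) => ctx !== this).map((ctx) => ctx.label);
  }
}

function demo() {
  channels.clear();
  const pageA = new TopLevelDocument(), pageB = new TopLevelDocument();
  const origin = "https://widget.example"; // constructed sample origin
  const c1 = pageA.frame("A/credentialless-1", origin, { credentialless: true }).subscribe("sync");
  pageA.frame("A/credentialless-2", origin, { credentialless: true }).subscribe("sync");
  pageB.frame("B/credentialless", origin, { credentialless: true }).subscribe("sync");
  const normal = pageB.frame("B/normal", origin).subscribe("sync");
  return { fromCredentialless: c1.broadcast("sync"), fromNormal: normal.broadcast("sync") };
}

console.log(demo());
```

In this model the credentialed `B/normal` document, which is the one that could hold personalized state, shares a channel with none of the credentialless frames.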

annevk commented 1 year ago

How could it talk with a second iframe? Wouldn't they have different nonces? Edit: I see, the nonce value is per top-level document.

annevk commented 1 year ago

I was wrong above, what I found misleading was:

> The credentialless iframe could use side-channels (e.g. broadcast channels, postMessage) to attempt to get a form of personalization despite the lack of credentials.

How would this work with BroadcastChannel?