Window: credentialless property
Limited availability
This feature is not Baseline because it does not work in some of the most widely-used browsers.
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The window.credentialless
read-only property returns a boolean that indicates whether the current document was loaded inside a credentialless <iframe>
, meaning that it is loaded in a new, ephemeral context.
This context doesn't have access to the network, cookies, and storage data associated with its origin. It uses a new context local to the top-level document lifetime. In return, the Cross-Origin-Embedder-Policy
(COEP) embedding rules can be lifted, so documents with COEP set can embed third-party documents that do not.
See IFrame credentialless for a deeper explanation.
Value
A boolean. A value of true
indicates that the document was loaded inside a credentialless <iframe>
; false
indicates that it was not.
Examples
You can specify a credentialless <iframe>
like so:
<iframe
src="https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)"
title="Spectre vulnerability Wikipedia page"
width="960"
height="600"
credentialless></iframe>
In supporting browsers, if the document loaded in the <iframe>
were to run the following line, it would return true
:
console.log(window.credentialless);
Specifications
Specification |
---|
Iframe credentialless # dom-window-credentialless |
Browser compatibility
BCD tables only load in the browser