COEP:credentialless merged into the HTML and Fetch specification.
See PR:
Significant sections:
This document is not going to be actively maintained, please refer to HTML and FETCH as the source of truth for implementations.
Credentialless is a Cross-Origin-Embedder-Policy (COEP) variant. Similarly to require-corp, it can be used to enable cross-origin-isolation. Contrary to require-corp, it is easier to deploy, instead of requiring a Cross-Origin-Resource-Policy (CORP) header for every no-cors subresources, COEP:credentialless is requesting them without credentials.
- Explainer
- Specification
- Historical spec/explainer - /:\ Please use HTML and FETCH specification instead.
- Experimenting instructions