Commit

Clarify differences from PiP (#10)
arichiv authored Sep 5, 2024
1 parent f0a8c33 commit bc716de
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions README.md
Expand Up @@ -237,6 +237,13 @@ Even with full trust between the parties, large-scale adaptation would be requir
Using pop-ups for authentication flows is a very widely established pattern and very familiar to users on the web.

Another crucial benefit of showing authentication flows in popups or popins is the user's ability to inspect the URL bar to decide whether to trust the site with their credentials or not, which is not possible with iframes.

### [Document Picture in Picture](https://wicg.github.io/document-picture-in-picture/)

The Document Picture in Picture API provides a way for a top-level frame to create a 'floating' and positionable window treated as same-origin (allowing DOM access).
This differs in several key ways from our proposal: (1) the PiP window cannot navigate so any cross-origin content loaded in it via iframe has similar security considerations to any cross-origin iframes in the main page, (2) the PiP window isn't blocking use of the opener window, and (3) the PiP window stays visible if the user switches to use other tabs.
The Document Picture in Picture API is more generalized than the HTMLVideoElement-only version, but it is not intended to support sensitive tasks (such as authentication) which the Partitioned Popins proposal does seek to support.

## Privacy & Security Considerations

### Reducing the effectiveness of SSO on the web
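Review bot: the added sentence beginning "This differs in several key ways from our proposal" lists only the PiP side of each difference, so the reader has to infer what a popin does instead. For (1), tie it to the paragraph just above: the security concern with iframe content is that the user cannot inspect a URL bar, which that paragraph names as the benefit of popups and popins. For (2) and (3), state the popin behavior being contrasted (whether it blocks the opener, and what happens to it on a tab switch) rather than leaving it implied. The sentence would also read better as a three-item list, and "HTMLVideoElement-only version" in the last added line is used without introduction; a short gloss or link to that earlier Picture-in-Picture API would help.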