Chrome 110 Changes How Web Share API Embeds Third Party Content
Chrome 110, scheduled for release on February 7, 2022, contains a change in how it handles the Web Share API that improves privacy and security by requiring the Web Share API to explicitly allow third-party content.
This may not be something a publisher needs to act upon.
It’s probably more relevant on the developer side as they are making things like web applications that use the Web Share API.
However, it is good to know the purpose of the rare situation when it is useful in diagnosing why a web page is not working.
Mozilla developer page Describes the Web Share API:
The Web Share API allows any site to share text, links, files, and other content with user defined sharing intent, using the sharing mechanisms of the underlying operating system.
These sharing targets typically include the system clipboard, email, contacts or messaging apps, and Bluetooth or Wi-Fi channels.
… Note: This API should not be confused with the Web Share Target API, which allows a website to specify itself as a share target”
allow=”web share” attribute
An attribute is HTML markup that modifies an HTML element in some way.
For example, the nofollow attribute modifies the link element by indicating to search engines that the link is not trusted.
Allow
Iframes are everywhere, as are the ads and embedded videos.
The problem with an iframe containing content from another site is that it creates the potential to show spam or allow malicious activity.
This is the problem that the allow = “web-share” attribute solves by setting a permission policy for the iframe.
This specific permission policy (allow = “web-share”) tells the browser that it is okay to serve third party content from within the iframe.
Google ad uses this example from the attribute in use:
<iframe allow="web-share" src="https://third-party.example.com/iframe.html"></iframe>
Google calls this “Possible change to the Web Share API.“
Advertising warns:
If a share needs to be made to a third-party iframe, the recent specification change requires you to explicitly allow the operation.
Do this by adding an allow attribute to the
This tells the browser that the include site allows a third-party iframe to trigger the share action.
Read the ad on the Google Chrome web page:
New requirements for the Web Share API in third-party iframes
Featured image by Shutterstock / Krakenimages.com