Eiji Kitamura
Developer Advocate, Google Chrome
FedCM updates: Login Status API, Error API, and Auto-selected Flag API
The LoginStatus API enables FedCM API without third-party cookies. The Error API and Auto-Selected Flag API bring more capabilities to FedCM API.
Chrome starts supporting passkeys on iCloud Keychain on macOS
Chrome on macOS starts supporting passkeys on iCloud Keychain. This lets users create passkeys on iCloud Keychain and synchronize them across Apple devices.
FedCM updates: IdP Sign-In Status API, Login Hint, and more
Chrome 116 ships new FedCM capabilities such as Login Hint API, User Info API, and RP Context API, and starts an origin trial for IdP Sign-In Status API.
Support auto-reauthentication in FedCM
In Chrome 115, FedCM supports mediation requirements from Credential Management API which enables users to reauthenticate to the RP in a more streamlined manner after the initial consent.
Chrome disables modifying document.domain
document.domain
If your website relies on setting document.domain, your action is required.
FedCM updates: Origin trial for auto-reauthentication
Introducing a few updates to FedCM including a new origin trial for auto-reauthentication. When RPs opt-in, this feature enables reauthenticaticating users automatically when they come back after their initial authentication using FedCM.
Passwordless sign-in on forms with WebAuthn passkey autofill
WebAuthn conditional UI leverages browser's form autofill functionality to let users sign in with a passkey seamlessly in the traditional password based flow.
Federated Credential Management API is shipping
The Federated Credential Management API is shipping in Chrome 108.
Update to the CanMakePayment event behavior of the Payment Handler API
The `canmakepayment` service worker event in the Payment Handler API lets the merchant know whether the user has a card on file in an installed payment app. Chrome is removing properties attached to the event.
Payment Handler API will require CSP connect-src
connect-src
The Payment Handler API users will have to add the payment endpoint to the `connect-src` directive if you are using CSP.
Authenticate with Secure Payment Confirmation
Implement authentication protocols for SPC, to validate customer transactions.
Register a Secure Payment Confirmation
Implement the registration protocols and flow for SPC, so customers can strongly authenticate against card issuers or banks directly from a merchant.
Secure Payment Confirmation
High-level overview of a proposed web standard to allow for secure authentication with payment service providers.
Federated Credential Management API
A web platform API that allows users to login to websites with their federated accounts in a manner compatible with improvements to browser privacy.
Chrome will disable modifying document.domain to relax the same-origin policy
document.domain to relax the same-origin policy
If your website relies on setting `document.domain`, your action is required.
Private Network Access: introducing preflights
Chrome is deprecating access to private network endpoints from non-secure public websites as part of the Private Network Access specification. Read on for recommended actions.
Load cross-origin resources without CORP headers using COEP: credentialless
COEP: credentialless
`Cross-Origin-Embedder-Policy: credentialless` will be on origin trial starting Chrome 93. This new value allows web pages to enable cross-origin isolation without requiring cross-origin resources to respond with a `CORP: cross-origin` header by sending credentialless requests.
Restricting Wasm module sharing to same-origin
Sharing a WebAssembly module between same-site environments will be restricted to just same-origin.
Verify a phone number on desktop using WebOTP API
Starting from Chrome 93, websites can verify phone numbers from desktop Chrome.
Aligning timers with cross origin isolation restrictions
Starting in Chrome 91, the resolution of explicit timers will be restricted to 100 microseconds across platforms without cross-origin isolation.
SharedArrayBuffer updates in Android Chrome 88 and Desktop Chrome 92
SharedArrayBuffer will arrive in Android Chrome 88. It will only be available to pages that are cross-origin isolated. Starting in Desktop Chrome 92 it will also only be available to cross-origin isolated pages. You can register for an origin trial to retain the current behavior until Desktop Chrome 113.
Feedback wanted: CORS for private networks (RFC1918)
Unintentional exposure of devices and servers on a client’s internal network to the web at large makes them vulnerable to malicious attacks. CORS-RFC1918 is a proposal to block requests from public networks by default on the browser and require internal devices to opt-in to such requests.
Gaining security and privacy by partitioning the cache
Chrome's HTTP cache partitioning helps with better security and privacy.
Verify phone numbers on the web with the WebOTP API
Finding, memorizing, and typing OTPs sent via SMS is cumbersome. The WebOTP API simplifies the OTP workflow for users.
Changes in the payment request API
In Chrome 56 and 57, there are a few changes to the Payment Request API following the spec changes. Learn what they are and make changes to your own implementations.
Streamlining the sign-in flow using credential management API
To provide a sophisticated user experience, it's important to help users authenticate themselves to your website. But creating, remembering and typing passwords tends to be cumbersome for end users, especially on mobile
Blob support for IndexedDB landed on Chrome Dev
Long awaited feature for Chrome, Blob support on IndexedDB landed in Chrome Dev.
dialog element - modals made easy
Have you ever created your own modal dialog box? Soon, you won't need to ever again; dialog boxes are becoming a part of the web platform.
datalist for range/color inputs offer some default choices
datalist for range/color inputs offer some default choices
datalist landed in Chrome Canary
By using `datalist`, your app can define a list of suggested results users should select from. They can either select an option from the list or enter freeform text.
What's different in the new WebSocket protocol
The WebSocket protocol specification has recently been updated to solve previous security concerns and is largely stable