Fixing the subject prefix, apologies. On Mon, Mar 7, 2022 at 7:54 AM Ari Chivukula <[email protected]> wrote:
> Contact emails > > [email protected], [email protected], [email protected] > > Design Doc > > > https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit > > Specification > > https://wicg.github.io/client-hints-infrastructure/ > > Summary > > One residue of the rapid Client Hints Infrastructure > <https://wicg.github.io/client-hints-infrastructure/> iteration is the > concept of a `legacy` client hint. It’s a set of 4 hints (`dpr`, `width`, > `viewport-width`, and `device-memory`) which have a default allowlist of > `self` (meaning that they are not sent to third-party subresources unless > delegated via Permissions Policy) but behave as though they have a default > allowlist of `*` (meaning they are sent to third-party subresources as long > as the first-party page requests them) on Android. > > This `legacy` client concept on Android will be removed and a permissions > policy will be required to delegate the 4 affected hints. As of M100, Markup > based Client Hint Delegation > <https://groups.google.com/a/chromium.org/g/blink-dev/c/JQ68cvYuiQU/m/bFjAWmy3AAAJ> > is now available to allow delegation via HTML instead of HTTP headers. > > > > Blink component > > Blink>Network>ClientHints > <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3ENetwork%3EClientHints> > > > > Motivation > > We want to bring these 4 hints in line with the spec; fixing this will > increase privacy on Android by requiring explicit delegation of these hints. > > TAG review > > N/A (this change brings Android behavior in line with the spec and better > preserves privacy) > > Compatibility > > Websites visited by android devices that request the legacy device-memory, > dpr, width, and viewport-width would no longer have these hints delegated > by default to third-party subresources. This would match the current > behavior on desktop. Third-party subresources which need these hints would > need to get the first-party that loads them to adopt HTTP > <https://w3c.github.io/webappsec-permissions-policy/#serialization> or > HTML > <https://docs.google.com/document/d/1U3P9yvaT1NXG_qRmY3Lp6Me7M5kTnd3QrBb1yFUVNNk/edit> > delegation of client hints. The design doc > <https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit> > has usage/top-site information, and outreach is underway to ensure > third-parties expecting this information are aware of the change. The sites > which require default third-party delegation of these hints are likely much > lower than the sites which incidentally do so by default. As we encourage > Client Hint adoption, we want to ensure dependency doesn’t form on legacy, > non-compliant behavior. > > > Interoperability > > Gecko: Client Hints not yet implemented (considered non-harmful > <https://mozilla.github.io/standards-positions/#http-client-hints>) > > WebKit: Client Hints not yet implemented > > Web developers: No feedback yet > > Debuggability > > N/A > > Is this feature fully tested by web-platform-tests? > > New WPT will be added to ensure these hints are not delegated by default. > > Tracking bug > > https://crbug.com/1227043 > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5694492182052864 > > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DJdHT1P-Dg%3DgmbkmA3K-HuDhg%3D1a0tVfv9c9g6wBHGCVg%40mail.gmail.com.
