M104 ~ Ari Chivukula (Their/There/They're)
On Tue, May 17, 2022, 10:59 Joe Medley <[email protected]> wrote: > Hi, > > In which version do you intend to remove this? > > Joe > > On Monday, March 7, 2022 at 7:54:29 AM UTC-8 [email protected] wrote: > >> Contact emails >> >> [email protected], [email protected], [email protected] >> >> Design Doc >> >> >> https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit >> >> Specification >> >> https://wicg.github.io/client-hints-infrastructure/ >> >> Summary >> >> One residue of the rapid Client Hints Infrastructure >> <https://wicg.github.io/client-hints-infrastructure/> iteration is the >> concept of a `legacy` client hint. It’s a set of 4 hints (`dpr`, `width`, >> `viewport-width`, and `device-memory`) which have a default allowlist of >> `self` (meaning that they are not sent to third-party subresources unless >> delegated via Permissions Policy) but behave as though they have a default >> allowlist of `*` (meaning they are sent to third-party subresources as long >> as the first-party page requests them) on Android. >> >> This `legacy` client concept on Android will be removed and a permissions >> policy will be required to delegate the 4 affected hints. As of M100, Markup >> based Client Hint Delegation >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/JQ68cvYuiQU/m/bFjAWmy3AAAJ> >> is now available to allow delegation via HTML instead of HTTP headers. >> >> >> >> Blink component >> >> Blink>Network>ClientHints >> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3ENetwork%3EClientHints> >> >> >> >> Motivation >> >> We want to bring these 4 hints in line with the spec; fixing this will >> increase privacy on Android by requiring explicit delegation of these hints. >> >> TAG review >> >> N/A (this change brings Android behavior in line with the spec and better >> preserves privacy) >> >> Compatibility >> >> Websites visited by android devices that request the legacy >> device-memory, dpr, width, and viewport-width would no longer have these >> hints delegated by default to third-party subresources. This would match >> the current behavior on desktop. Third-party subresources which need these >> hints would need to get the first-party that loads them to adopt HTTP >> <https://w3c.github.io/webappsec-permissions-policy/#serialization> or >> HTML >> <https://docs.google.com/document/d/1U3P9yvaT1NXG_qRmY3Lp6Me7M5kTnd3QrBb1yFUVNNk/edit> >> delegation of client hints. The design doc >> <https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit> >> has usage/top-site information, and outreach is underway to ensure >> third-parties expecting this information are aware of the change. The sites >> which require default third-party delegation of these hints are likely much >> lower than the sites which incidentally do so by default. As we encourage >> Client Hint adoption, we want to ensure dependency doesn’t form on legacy, >> non-compliant behavior. >> >> >> Interoperability >> >> Gecko: Client Hints not yet implemented (considered non-harmful >> <https://mozilla.github.io/standards-positions/#http-client-hints>) >> >> WebKit: Client Hints not yet implemented >> >> Web developers: No feedback yet >> >> Debuggability >> >> N/A >> >> Is this feature fully tested by web-platform-tests? >> >> New WPT will be added to ensure these hints are not delegated by default. >> >> Tracking bug >> >> https://crbug.com/1227043 >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5694492182052864 >> >> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DJwZQzbt_gwOiFWP96%3Dkht6WrGxBnEHpNubwMzP-80PKQ%40mail.gmail.com.
