I haven't seen the notes from the meeting (don't see them here: https://github.com/w3ctag/meetings/tree/gh-pages/2022/telcons), do you have a copy and/or can you describe the forward-compatible cases?
~ Ari Chivukula (Their/There/They're) On Wed, Sep 21, 2022 at 11:38 AM Chris Harrelson <chris...@chromium.org> wrote: > Hi Ari, > > There were some questions on the TAG review about potential extensions to > the syntax for additional use cases. Just checking: do you think the > current design is forward-compatible with these use cases? > > On Wed, Sep 21, 2022 at 6:39 AM Ari Chivukula <aric...@chromium.org> > wrote: > >> There was one comment on the TAG thread: >> https://github.com/w3ctag/design-reviews/issues/765#issuecomment-1245616454 >> >> Mozilla just published a positive position: >> https://github.com/mozilla/standards-positions/issues/679 >> >> ~ Ari Chivukula (Their/There/They're) >> >> >> On Wed, Sep 7, 2022 at 2:39 PM Mike Taylor <miketa...@chromium.org> >> wrote: >> >>> We discussed this in the API OWNERS meeting today, and given that the >>> TAG review issue was added to the TPAC milestone for next week, we'd like >>> to wait a week or so to see if there is any useful feedback. >>> >>> On 8/31/22 10:44 AM, Ari Chivukula wrote: >>> >>> I'll add a note, but this is actually deliberate. >>> >>> *.foo.com does not match foo.com. >>> >>> ~ Ari Chivukula (Their/There/They're) >>> >>> On Wed, Aug 31, 2022, 10:19 ayumi hamasaki <ayumih...@gmail.com> wrote: >>> >>>> The example in the description is a bit confusing found here: >>>> https://chromestatus.com/feature/5170361717489664 >>>> >>>> Before, a permissions policy might need to look like: >>>> >>>> ``` >>>> permissions-policy: ch-ua-platform-version=(self "https://foo.com"; " >>>> https://cdn1.foo.com"; "https://cdn2.foo.com";) >>>> ``` >>>> >>>> With this feature, it could look like: permissions-policy: >>>> >>>> ``` >>>> ch-ua-platform-version=(self "https://foo.com"; "https://*.foo.com";) >>>> ``` >>>> >>>> One would think why not just write: `ch-ua-platform-version=(self " >>>> https://*.foo.com";)` instead. As you're used `foo.com` twice! >>>> >>>> ---- >>>> >>>> Would it not be better to use `foo.com` and `example.com` instead e.g. >>>> >>>> Before, a permissions policy might need to look like: >>>> >>>> ``` >>>> permissions-policy: ch-ua-platform-version=(self "https://example.com >>>> <https://foo.com/>" "https://cdn1.foo.com"; "https://cdn2.foo.com";) >>>> ``` >>>> >>>> With this feature, it could look like: permissions-policy: >>>> >>>> ``` >>>> ch-ua-platform-version=(self "https://example.com <https://foo.com/>" " >>>> https://*.foo.com";) >>>> ``` >>>> >>>> Which would make more sense. >>>> >>>> >>>> On Wednesday, 31 August 2022 at 15:10:31 UTC+1 ari...@chromium.org >>>> wrote: >>>> >>>>> Sorry about that: >>>>> https://github.com/mozilla/standards-positions/issues/679 >>>>> https://github.com/WebKit/standards-positions/issues/51 >>>>> >>>>> >>>>> ~ Ari Chivukula (Their/There/They're) >>>>> >>>>> On Wed, Aug 31, 2022, 10:06 Yoav Weiss <yoav...@chromium.org> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Fri, Aug 26, 2022 at 7:27 PM Ari Chivukula <ari...@chromium.org> >>>>>> wrote: >>>>>> >>>>>>> Contact emails >>>>>>> >>>>>>> ari...@chromium.org, mike...@chromium.org >>>>>>> >>>>>>> Design Doc >>>>>>> >>>>>>> >>>>>>> https://docs.google.com/document/d/1HtkQivbjO6TiP6uZdTt4KmTnWzbs5IZpEdrz59-fyYU/edit >>>>>>> >>>>>>> Specification >>>>>>> >>>>>>> https://github.com/w3c/webappsec-permissions-policy/issues/479 >>>>>>> >>>>>>> Summary >>>>>>> >>>>>>> This feature will add support for wildcard in permissions policy >>>>>>> structured like SCHEME://*.HOST:PORT (e.g., https://*.foo.com/) >>>>>>> where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., >>>>>>> https://foo.com/). This requires that HOST is at least eTLD+1 (a >>>>>>> registrable domain). This means that https://*.bar.foo.com/ works >>>>>>> but https://*.com/ won’t (if you want to allow all domains to use >>>>>>> the feature, you should just delegate to *). Wildcards in the scheme and >>>>>>> port section will be unsupported and https://*.foo.com/ does not >>>>>>> delegate to https://foo.com/. >>>>>>> >>>>>>> Before, a permissions policy might need to look like: >>>>>>> >>>>>>> permissions-policy: ch-ua-platform-version=(self "https://foo.com"; " >>>>>>> https://cdn1.foo.com"; "https://cdn2.foo.com";) >>>>>>> >>>>>>> With this feature, it could look like: >>>>>>> >>>>>>> permissions-policy: ch-ua-platform-version=(self "https://foo.com"; >>>>>>> "https://*.foo.com";) >>>>>>> >>>>>>> >>>>>>> >>>>>>> Blink component >>>>>>> >>>>>>> Blink>PermissionsAPI >>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPermissionsAPI> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Motivation >>>>>>> >>>>>>> The Permissions Policy specification >>>>>>> <https://w3c.github.io/webappsec-permissions-policy/> “defines a >>>>>>> mechanism that allows developers to selectively enable and disable use >>>>>>> of >>>>>>> various browser features and APIs.” One capability of this mechanism >>>>>>> allows >>>>>>> features to be enabled only on explicitly enumerated origins (e.g., >>>>>>> https://foo.com/). This mechanism is not flexible enough for the >>>>>>> design of some CDNs, which deliver content via an origin that might be >>>>>>> hosted on one of several hundred possible subdomains. >>>>>>> >>>>>>> TAG review >>>>>>> >>>>>>> https://github.com/w3ctag/design-reviews/issues/765 >>>>>>> >>>>>>> Compatibility >>>>>>> >>>>>>> Depending on their user base, sites may want to entertain a >>>>>>> transition period for older Chromium clients, where they enumerate all >>>>>>> subdomains and include the wildcard in the permissions policy. >>>>>>> >>>>>>> >>>>>>> Interoperability >>>>>>> >>>>>>> We would be the first to implement if approved. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Gecko: Will ask >>>>>>> >>>>>>> >>>>>>> >>>>>>> WebKit: Will ask >>>>>>> >>>>>> >>>>>> Links to signal requests? >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> Web developers: >>>>>>> https://github.com/w3c/webappsec-permissions-policy/issues/479 >>>>>>> <https://github.com/WICG/client-hints-infrastructure/issues/108> >>>>>>> >>>>>>> Debuggability >>>>>>> >>>>>>> Future work might flag syntax errors in the Issues tab >>>>>>> <https://docs.google.com/document/d/1lDEvj8tMeuvUs1HTTqL-44YiI-7ljeQkusM_WhUfIeE/edit> >>>>>>> . >>>>>>> >>>>>>> Is this feature fully tested by web-platform-tests? >>>>>>> >>>>>>> No, but it will be. >>>>>>> >>>>>>> Tracking bug >>>>>>> >>>>>>> https://crbug.com/1345994 >>>>>>> >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> >>>>>>> https://chromestatus.com/feature/5170361717489664 >>>>>>> >>>>>>> ~ Ari Chivukula (Their/There/They're) >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DLDbhOMWugyzXTKsvjH6koO8g7sV7eg_NQgq0GZeCOQ1A%40mail.gmail.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DLDbhOMWugyzXTKsvjH6koO8g7sV7eg_NQgq0GZeCOQ1A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2BCusaFBxLhe930f_X%2BvisYes%3DQLOBB8VFevR804kcS_A%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2BCusaFBxLhe930f_X%2BvisYes%3DQLOBB8VFevR804kcS_A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2Bqnrhs1j0YaFFHmJGCzzE2_YMW6yYe1QYX_PezNHWo2Q%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2Bqnrhs1j0YaFFHmJGCzzE2_YMW6yYe1QYX_PezNHWo2Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DL%2BnwnbfHJe5gk86LPjWEK%2BrjA37Pyv6m43zA418a6LrA%40mail.gmail.com.
