LGTM2
On Wed, Sep 21, 2022, 18:28 Chris Harrelson <chris...@chromium.org> wrote:
Great. LGTM1 then!
On Wed, Sep 21, 2022 at 9:26 AM Ari Chivukula
<aric...@chromium.org> wrote:
Ah, yes I responded to that comment and believe it would be
possible to support that future extension without having to
un-ship this version of wildcards.
~ Ari Chivukula (Their/There/They're)
On Wed, Sep 21, 2022 at 12:21 PM Yoav Weiss
<yoavwe...@chromium.org> wrote:
Essentially, this comment
<https://github.com/w3ctag/design-reviews/issues/765#issuecomment-1245616454>
suggested
a negation syntax, which looks like a feature request, but
may be good to ensure that the current parsing algorithm
would enable such future extensions.
On Wed, Sep 21, 2022 at 6:17 PM Ari Chivukula
<aric...@chromium.org> wrote:
I haven't seen the notes from the meeting (don't see
them here:
https://github.com/w3ctag/meetings/tree/gh-pages/2022/telcons),
do you have a copy and/or can you describe the
forward-compatible cases?
~ Ari Chivukula (Their/There/They're)
On Wed, Sep 21, 2022 at 11:38 AM Chris Harrelson
<chris...@chromium.org> wrote:
Hi Ari,
There were some questions on the TAG review about
potential extensions to the syntax for additional
use cases. Just checking: do you think the current
design is forward-compatible with these use cases?
On Wed, Sep 21, 2022 at 6:39 AM Ari Chivukula
<aric...@chromium.org> wrote:
There was one comment on the TAG thread:
https://github.com/w3ctag/design-reviews/issues/765#issuecomment-1245616454
Mozilla just published a positive position:
https://github.com/mozilla/standards-positions/issues/679
~ Ari Chivukula (Their/There/They're)
On Wed, Sep 7, 2022 at 2:39 PM Mike Taylor
<miketa...@chromium.org> wrote:
We discussed this in the API OWNERS
meeting today, and given that the TAG
review issue was added to the TPAC
milestone for next week, we'd like to wait
a week or so to see if there is any useful
feedback.
On 8/31/22 10:44 AM, Ari Chivukula wrote:
I'll add a note, but this is actually
deliberate.
*.foo.com <http://foo.com> does not match
foo.com <http://foo.com>.
~ Ari Chivukula (Their/There/They're)
On Wed, Aug 31, 2022, 10:19 ayumi
hamasaki <ayumih...@gmail.com> wrote:
The example in the description is a
bit confusing found here:
https://chromestatus.com/feature/5170361717489664
Before, a permissions policy might
need to look like:
```
permissions-policy:
ch-ua-platform-version=(self
"https://foo.com";
"https://cdn1.foo.com";
"https://cdn2.foo.com";)
```
With this feature, it could look
like: permissions-policy:
```
ch-ua-platform-version=(self
"https://foo.com"; "https://*.foo.com
<https://%2A.foo.com/>")
```
One would think why not just write:
`ch-ua-platform-version=(self
"https://*.foo.com
<https://%2A.foo.com/>")` instead. As
you're used `foo.com
<http://foo.com>` twice!
----
Would it not be better to use
`foo.com <http://foo.com>` and
`example.com <http://example.com>`
instead e.g.
Before, a permissions policy might
need to look like:
```
permissions-policy:
ch-ua-platform-version=(self
"https://example.com
<https://foo.com/>" "https://cdn1.foo.com"
"https://cdn2.foo.com";)
```
With this feature, it could look
like: permissions-policy:
```
ch-ua-platform-version=(self
"https://example.com
<https://foo.com/>" "https://*.foo.com
<https://%2A.foo.com/>")
```
Which would make more sense.
On Wednesday, 31 August 2022 at
15:10:31 UTC+1 ari...@chromium.org wrote:
Sorry about that:
https://github.com/mozilla/standards-positions/issues/679
https://github.com/WebKit/standards-positions/issues/51
~ Ari Chivukula (Their/There/They're)
On Wed, Aug 31, 2022, 10:06 Yoav
Weiss <yoav...@chromium.org> wrote:
On Fri, Aug 26, 2022 at 7:27
PM Ari Chivukula
<ari...@chromium.org> wrote:
Contact emails
ari...@chromium.org,
mike...@chromium.org
Design Doc
https://docs.google.com/document/d/1HtkQivbjO6TiP6uZdTt4KmTnWzbs5IZpEdrz59-fyYU/edit
<https://docs.google.com/document/d/1HtkQivbjO6TiP6uZdTt4KmTnWzbs5IZpEdrz59-fyYU/edit>
Specification
https://github.com/w3c/webappsec-permissions-policy/issues/479
<https://github.com/w3c/webappsec-permissions-policy/issues/479>
Summary
This feature will add
support for wildcard in
permissions policy
structured like
SCHEME://*.HOST:PORT
(e.g., https://*.foo.com/
<http://foo.com/>) where
a valid Origin could be
constructed from
SCHEME://HOST:PORT (e.g.,
https://foo.com/). This
requires that HOST is at
least eTLD+1 (a
registrable domain). This
means that
https://*.bar.foo.com/
<http://bar.foo.com/>
works but https://*.com/
won’t (if you want to
allow all domains to use
the feature, you should
just delegate to *).
Wildcards in the scheme
and port section will be
unsupported and
https://*.foo.com/
<http://foo.com/> does
not delegate to
https://foo.com/.
Before, a permissions
policy might need to look
like:
permissions-policy:
ch-ua-platform-version=(self
"https://foo.com";
"https://cdn1.foo.com";
"https://cdn2.foo.com";)
With this feature, it
could look like:
permissions-policy:
ch-ua-platform-version=(self
"https://foo.com";
"https://*.foo.com
<http://foo.com>")
Blink component
Blink>PermissionsAPI
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPermissionsAPI>
Motivation
The Permissions Policy
specification
<https://w3c.github.io/webappsec-permissions-policy/>“defines
a mechanism that allows
developers to selectively
enable and disable use of
various browser features
and APIs.” One capability
of this mechanism allows
features to be enabled
only on explicitly
enumerated origins (e.g.,
https://foo.com/). This
mechanism is not flexible
enough for the design of
some CDNs, which deliver
content via an origin
that might be hosted on
one of several hundred
possible subdomains.
TAG review
https://github.com/w3ctag/design-reviews/issues/765
<https://github.com/w3ctag/design-reviews/issues/765>
Compatibility
Depending on their user
base, sites may want to
entertain a transition
period for older Chromium
clients, where they
enumerate all subdomains
and include the wildcard
in the permissions policy.
Interoperability
We would be the first to
implement if approved.
Gecko: Will ask
WebKit: Will ask
Links to signal requests?
Web developers:
https://github.com/w3c/webappsec-permissions-policy/issues/479
<https://github.com/WICG/client-hints-infrastructure/issues/108>
Debuggability
Future work might flag
syntax errors in the
Issues tab
<https://docs.google.com/document/d/1lDEvj8tMeuvUs1HTTqL-44YiI-7ljeQkusM_WhUfIeE/edit>.
Is this feature fully
tested by web-platform-tests?
No, but it will be.
Tracking bug
https://crbug.com/1345994
<https://crbug.com/1345994>
Link to entry on the
Chrome Platform Status
https://chromestatus.com/feature/5170361717489664
<https://chromestatus.com/feature/5170361717489664>
~ Ari Chivukula
(Their/There/They're)
--
You received this message
because you are
subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this
group and stop receiving
emails from it, send an
email to
blink-dev+...@chromium.org.
To view this discussion
on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DLDbhOMWugyzXTKsvjH6koO8g7sV7eg_NQgq0GZeCOQ1A%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DLDbhOMWugyzXTKsvjH6koO8g7sV7eg_NQgq0GZeCOQ1A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are
subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop
receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2BCusaFBxLhe930f_X%2BvisYes%3DQLOBB8VFevR804kcS_A%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2BCusaFBxLhe930f_X%2BvisYes%3DQLOBB8VFevR804kcS_A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are
subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop
receiving emails from it, send an email to
blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2Bqnrhs1j0YaFFHmJGCzzE2_YMW6yYe1QYX_PezNHWo2Q%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5D%2Bqnrhs1j0YaFFHmJGCzzE2_YMW6yYe1QYX_PezNHWo2Q%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed
to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DL%2BnwnbfHJe5gk86LPjWEK%2BrjA37Pyv6m43zA418a6LrA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DL%2BnwnbfHJe5gk86LPjWEK%2BrjA37Pyv6m43zA418a6LrA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the
Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DL-%2BBuNvSh46_qWHeCi%3DwY4f_%2BRzA4MN73sx9hp55qBLg%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DL-%2BBuNvSh46_qWHeCi%3DwY4f_%2BRzA4MN73sx9hp55qBLg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfXpc5BWaf-bY_UVGn2qzAmzVndQeVswvNhOAFoaZz14ow%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfXpc5BWaf-bY_UVGn2qzAmzVndQeVswvNhOAFoaZz14ow%40mail.gmail.com?utm_medium=email&utm_source=footer>.
