Contact emails [email protected], [email protected]
Explainer https://github.com/WICG/nav-speculation/blob/main/prerendering-same-site.md#more-details-on-cross-origin-same-site https://github.com/WICG/nav-speculation/blob/main/opt-in.md Specification https://wicg.github.io/nav-speculation/prerendering.html#navigate-fetch-patch Design docs https://docs.google.com/document/d/1WsDYA8NMCSwsK8dXCKdajdAd3ZcQUu9w1eoe0hEB_nU/edit?usp=sharing Summary Previously <https://chromestatus.com/feature/5355965538893824> we launched same-origin prerendering triggered by the speculation rules API. This expands coverage to also allow triggering same-site cross-origin <https://web.dev/same-site-same-origin/> pages. This prerendering will be done with credentials and storage access, but such prerender targets will need to opt in by using the `Supports-Loading-Mode: credentialed-prerender` header. Blink component Internals>Preload>Prerender <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EPreload%3EPrerender> TAG review https://github.com/w3ctag/design-reviews/issues/721#issuecomment-1235043792 TAG review status Pending RisksInteroperability and Compatibility This feature does not have significant interoperability or compatibility risks on top of the already-shipped same-origin prerendering feature. This is mostly a straightforward extension of that. The only potentially-interesting questions are around the design of the Supports-Loading-Mode header, which is the main new web-exposed "API". We've designed the header with an eye toward being easily implementable and future-extensible, using the structured headers infrastructure. Gecko: No signal. No signal on previous requests for prerendering and prefetching. I added a comment <https://github.com/mozilla/standards-positions/issues/613#issuecomment-1235040904> to the existing issue about prerendering. WebKit: No signal. No signal on previous requests for prerendering and prefetching. I took this opportunity to re-file <https://github.com/WebKit/standards-positions/issues/54> on their new GitHub repository in the hopes of getting some feedback, and there was some brief discussion of the cross-site case, but nothing about the same-site cross-origin case. Web developers: Positive. We've heard from a few partners that they want to prerender among other same-site origins they own, but cannot yet do so. Ergonomics This feature is triggered by the speculation rules API: https://chromestatus.com/feature/5740655424831488 ActivationUsing this feature requires the target page to have some control over its HTTP headers. This is not possible on some hosting sites, e.g. GitHub Pages. We have envisioned a future extension of allowing a <meta> version of Supports-Loading-Mode <https://github.com/WICG/nav-speculation/blob/main/opt-in.md#an-in-markup-version> that could address this, but have not yet heard of a concrete case where this would be necessary, so it is not included in this Intent. SecurityThis feature allows one origin to cause another origin to be rendered, including its JavaScript code. Because this can be dangerous, we require the target origin to opt in using the Supports-Loading-Mode header. This feature respects the cross-origin-isolation process model, to prevent the referrer and target pages from attacking each other through side channels. These issues are discussed further in the design doc <https://docs.google.com/document/d/1WsDYA8NMCSwsK8dXCKdajdAd3ZcQUu9w1eoe0hEB_nU/edit?usp=sharing> and explainer <https://github.com/WICG/nav-speculation/blob/main/prerendering-same-site.md#more-details-on-cross-origin-same-site> . WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? This feature is not available on WebView. Debuggability DevTools support for prerendering in general remains in the early stages; you can track that work in https://crbug.com/1217029, or see our general development guide <https://docs.google.com/document/d/1bCDZUXa4HiiwsI9B9NEPzaXQekzHea1D0mRO4Z_9cNU/edit> . However, this expansion to cross-origin same-site target pages does not have any special debuggability concerns. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? No. Prerendering is not supported on Android WebView. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? Yes <https://chromium-review.googlesource.com/c/chromium/src/+/3944113> Flag name SameSiteCrossOriginForSpeculationRulesPrerender Requires code in //chrome? False Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1356449 Estimated milestones Ship in 109 on both desktop and Android. Anticipated spec changes None. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4899735257743360 Links to previous Intent discussions Intent to Prototype <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra8B6wL%3Dz8NSxWVq713ZetPfQGh%3DfBBk_BO37qac1zOc6Q%40mail.gmail.com> This intent message was generated by Chrome Platform Status <https://chromestatus.com/> and tweaked by hand. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra_4fY7iqvNfDO6B1XR9w0Sff90R7ejaY04dn0AMjjXucA%40mail.gmail.com.
