Yes, Chris. We're going to add UseCounters to see how many of the private network requests are same-origin or same-site, which we can safely allow in secure contexts.
On Thu, Nov 10, 2022 at 5:40 PM Chris Harrelson <[email protected]> wrote: > LGTM1 to add these warnings. > > I assume you'll come back to the other intent with the results regarding > whether the use counter went down as a result? > > On Thu, Nov 10, 2022 at 7:06 AM 'Jonathan Hao' via blink-dev < > [email protected]> wrote: > >> Contact [email protected], [email protected], [email protected] >> >> Specificationhttp://wicg.github.io/private-network-access >> >> Design docs >> >> https://docs.google.com/document/d/1fFSY8bExYZvKTDBBS0flry6E6Ihn63HOr0JhD2fB7ko/edit >> >> Summary >> >> This feature applies Private Network Access checks to web workers: >> dedicated workers, shared workers and service workers. These checks apply >> to all worker-specific fetches: - initial worker script fetch - fetch >> within workers - service worker script update fetch >> >> In this first step, we'd like to ship warnings in DevTools to M110 when >> the above fetches happen. Currently, 0.000319% of worker script fetches >> [1] and 0.043019% of the fetches within workers [2] are private network >> access. We think we can drive the number further down if we show warnings >> in DevTools. We're also looking into allowing same-origin or same-site >> requests, as Titouan mentioned in this thread >> https://groups.google.com/a/chromium.org/g/blink-dev/c/FlenxUPCDec/m/C9LuRoQQAwAJ >> . >> >> [1] https://chromestatus.com/metrics/feature/timeline/popularity/4145 >> [2] https://chromestatus.com/metrics/feature/timeline/popularity/4150 >> >> Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> >> >> TAG review >> >> TAG review statusNot applicable >> >> Risks >> >> >> Interoperability and Compatibility >> >> >> >> *Gecko*: Worth prototyping ( >> https://github.com/mozilla/standards-positions/issues/143) >> >> *WebKit*: No signal >> >> *Web developers*: No signals >> >> *Other signals*: >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> >> >> Debuggability >> >> TODO >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)?No >> >> Not enabled by default on Android WebView due to the lack of support for >> deprecation trials. >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ?No >> >> Flag namePrivateNetworkAccessForWorkers >> >> Requires code in //chrome?False >> >> Tracking bughttps://crbug.com/1371454 >> >> Estimated milestones >> >> M110 to M112 >> >> >> Anticipated spec changes >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/5742979561029632 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPK3PjhegFsCw8SPgddOzZJUZcwzAP2Z99AKG5KXgS%3DGjg%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPK3PjhegFsCw8SPgddOzZJUZcwzAP2Z99AKG5KXgS%3DGjg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPKgWxJdQ7rG4gOan9XV_CN%2BwzR8LDUrYvVGU0nGb-NoNw%40mail.gmail.com.
