LGTM2 for devtools warnings in this case. Should we also consider deprecation reports?
On Fri, Nov 11, 2022 at 2:23 PM 'Jonathan Hao' via blink-dev < [email protected]> wrote: > Yes, Chris. We're going to add UseCounters to see how many of the private > network requests are same-origin or same-site, which we can safely allow in > secure contexts. > > On Thu, Nov 10, 2022 at 5:40 PM Chris Harrelson <[email protected]> > wrote: > >> LGTM1 to add these warnings. >> >> I assume you'll come back to the other intent with the results regarding >> whether the use counter went down as a result? >> >> On Thu, Nov 10, 2022 at 7:06 AM 'Jonathan Hao' via blink-dev < >> [email protected]> wrote: >> >>> Contact [email protected], [email protected], [email protected] >>> >>> Specificationhttp://wicg.github.io/private-network-access >>> >>> Design docs >>> >>> https://docs.google.com/document/d/1fFSY8bExYZvKTDBBS0flry6E6Ihn63HOr0JhD2fB7ko/edit >>> >>> Summary >>> >>> This feature applies Private Network Access checks to web workers: >>> dedicated workers, shared workers and service workers. These checks apply >>> to all worker-specific fetches: - initial worker script fetch - fetch >>> within workers - service worker script update fetch >>> >>> In this first step, we'd like to ship warnings in DevTools to M110 when >>> the above fetches happen. Currently, 0.000319% of worker script fetches >>> [1] and 0.043019% of the fetches within workers [2] are private network >>> access. We think we can drive the number further down if we show warnings >>> in DevTools. We're also looking into allowing same-origin or same-site >>> requests, as Titouan mentioned in this thread >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/FlenxUPCDec/m/C9LuRoQQAwAJ >>> . >>> >>> [1] https://chromestatus.com/metrics/feature/timeline/popularity/4145 >>> [2] https://chromestatus.com/metrics/feature/timeline/popularity/4150 >>> >>> Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> >>> >>> TAG review >>> >>> TAG review statusNot applicable >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> >>> >>> *Gecko*: Worth prototyping ( >>> https://github.com/mozilla/standards-positions/issues/143) >>> >>> *WebKit*: No signal >>> >>> *Web developers*: No signals >>> >>> *Other signals*: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> >>> >>> Debuggability >>> >>> TODO >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, Chrome OS, Android, and Android WebView)?No >>> >>> Not enabled by default on Android WebView due to the lack of support for >>> deprecation trials. >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ?No >>> >>> Flag namePrivateNetworkAccessForWorkers >>> >>> Requires code in //chrome?False >>> >>> Tracking bughttps://crbug.com/1371454 >>> >>> Estimated milestones >>> >>> M110 to M112 >>> >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/5742979561029632 >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPK3PjhegFsCw8SPgddOzZJUZcwzAP2Z99AKG5KXgS%3DGjg%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPK3PjhegFsCw8SPgddOzZJUZcwzAP2Z99AKG5KXgS%3DGjg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPKgWxJdQ7rG4gOan9XV_CN%2BwzR8LDUrYvVGU0nGb-NoNw%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPKgWxJdQ7rG4gOan9XV_CN%2BwzR8LDUrYvVGU0nGb-NoNw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWRzpt4rFiGg3jEJaievgN4yxEQAk4gx4EStDHVq-PqkQ%40mail.gmail.com.
