LGTM3, thanks for making this change visible.

On Mon, Mar 13, 2023 at 11:42 PM TAMURA, Kent <tk...@chromium.org> wrote:

> LGTM2.
> I agree with Yoav.
>
>
> On Mon, Mar 13, 2023 at 6:59 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
>
>> LGTM1. This seems like a reasonable, compatible addition which doesn't
>> modify the interop risk calculus.
>>
>> On Thu, Mar 9, 2023 at 2:26 PM 'Takashi Toyoshima' via blink-dev <
>> blink-dev@chromium.org> wrote:
>>
>>> Hi blink-dev,
>>> This Intent to Ship is a bit unusual because we accidentally launched
>>> this change in M110, and are now properly going through the Intent to Ship
>>> process.
>>>
>>> Here is the Intent, and let us know if there's anything else we should
>>> do to handle this unusual situation:
>>> We already modify our workflow to track each launch process closely with
>>> our TPM so to avoid this kind of mistakes in the future.
>>>
>>
>> Thanks for catching that and aligning your workflows to prevent future
>> web exposed changes from bypassing the process.
>>
>>
>>>
>>> Contact emails
>>>
>>> toyos...@chromium.org
>>>
>>> Specification
>>>
>>> https://wicg.github.io/nav-speculation/speculation-rules.html
>>>
>>> https://github.com/WICG/nav-speculation/pull/213
>>>
>>> https://github.com/WICG/nav-speculation/pull/245
>>>
>>> Summary
>>>
>>> Speculation rules are inlined in script tags, but their use will be
>>> restricted by Content Security Policy as unsafe inline scripts even if the
>>> speculation rules are safe.
>>>
>>> So, we extend the Content Security Policy to have a new source keyword,
>>> ‘inline-speculation-rules’, for inline uses of speculation rules. With this
>>> new keyword, we can permit inline speculation rules without permitting
>>> inline scripts.
>>>
>>>
>>> Blink component
>>>
>>> Blink>SecurityFeature>ContentSecurityPolicy
>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3EContentSecurityPolicy>
>>>
>>> TAG review
>>>
>>>
>>> https://github.com/w3ctag/design-reviews/issues/721#issuecomment-1461312356
>>>
>>> TAG review status
>>>
>>> On going as a delta for Speculation Rules (Prefetch)
>>> <https://github.com/w3ctag/design-reviews/issues/721>
>>>
>>> Risks
>>>
>>> Interoperability and Compatibility
>>>
>>> Gecko: No signal
>>> <https://github.com/mozilla/standards-positions/issues/620>
>>>
>>> WebKit: No signal
>>> <https://github.com/WebKit/standards-positions/issues/54>
>>>
>>> Web developers: We heard positive feedback from partners as there was
>>> no handy approach to permit speculation rules without allowing unsafe
>>> inline scripts.
>>>
>>> Other signals:
>>>
>>> WebView application risks
>>>
>>> No incompatible change for existing APIs.
>>>
>>>
>>> Debuggability
>>>
>>> DevTools show proper warning messages as we do for other CSP violations.
>>>
>>> Will this feature be supported on all six Blink platforms (Windows, Mac,
>>> Linux, Chrome OS, Android, and Android WebView)?
>>>
>>> Yes
>>>
>>> Is this feature fully tested by web-platform-tests
>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>> ?
>>>
>>> Yes, in speculation-rules/prerender/csp-script-src-*
>>>
>>> Flag name
>>>
>>> N/A
>>> (base::Feature is
>>> network::features::kPrerender2ContentSecurityPolicyExtensions)
>>>
>>> Requires code in //chrome?
>>>
>>> False for web exposed changes, but have a small change in
>>> chrome/browser/extensions/ to support it in Chrome Extensions too.
>>>
>>> Estimated milestones
>>>
>>> 110
>>>
>>> Anticipated spec changes
>>>
>>> No specific concern.
>>>
>>> Link to entry on the Chrome Platform Status
>>>
>>> https://chromestatus.com/feature/5182859125456896
>>>
>>> This intent message was generated by Chrome Platform Status
>>> <https://chromestatus.com/>.
>>>
>>> --
>>> Takashi Toyoshima
>>> Software Engineer, Google
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to blink-dev+unsubscr...@chromium.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFWCB1n7ON2v4Vv%2BYfvk%3DMt5g7zY62eGoy53HKrPzAHp1C1sMw%40mail.gmail.com
>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFWCB1n7ON2v4Vv%2BYfvk%3DMt5g7zY62eGoy53HKrPzAHp1C1sMw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to blink-dev+unsubscr...@chromium.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUsKocFhZstwhy5S-nuawDC_3unUpCgOT1fc%3Dz1Uf3fKg%40mail.gmail.com
>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUsKocFhZstwhy5S-nuawDC_3unUpCgOT1fc%3Dz1Uf3fKg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
> --
> TAMURA Kent
> Software Engineer, Google
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "blink-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to blink-dev+unsubscr...@chromium.org.
> To view this discussion on the web visit
> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGH7WqEkunFoxs5pq5wFrHaABtq76XhxL2pNUweWcoi8SYDoqg%40mail.gmail.com
> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGH7WqEkunFoxs5pq5wFrHaABtq76XhxL2pNUweWcoi8SYDoqg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYe3GKEe4bvNfgJ1EFjv96_hNtBTO%2BSpqzYxELCqJP5aUg%40mail.gmail.com.

Reply via email to