Contact emails
nriba...@igalia.com
Explainer
None
Specification
https://html.spec.whatwg.org/#fetch-a-single-module-script
Summary
CSS and JSON modules will be fetched using a specific fetch destination
(either "css" or "json") rather than a generic "script", that is
normally used for JavaScript modules. This has the following effects: -
the `Accept` HTTP header in the request will describe the expected mime
type (`text/css,*/*;q=0.1` or `application/json,*/*;q=0.5`) - those
modules will respect the style-src or connect-src Content Security
Policies, rather than using JavaScript's script-src - When inspecting
the request's destination (either through a service worker or through
the `Sec-Fetch-Destination` HTTP header) it will be reported as `"css"`
or `"json"`, rather than empty.
Blink component
Blink>HTML>Modules
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>HTML>Modules>
Search tags
CSS modules <https://chromestatus.com/features#tags:CSS modules>, JSON
modules <https://chromestatus.com/features#tags:JSON modules>, imports
<https://chromestatus.com/features#tags:imports>, CSP
<https://chromestatus.com/features#tags:CSP>, fetch destination
<https://chromestatus.com/features#tags:fetch destination>
TAG review
None
TAG review status
Not applicable
Risks
Interoperability and Compatibility
None
/Gecko/: No signal
/WebKit/: Positive
(https://github.com/WebKit/standards-positions/issues/128) Webkit was
supportive of the import attributes proposal conditional on these
changes to how JSON/CSS modules are fetched
/Web developers/: No signals
/Other signals/:
Security
This feature better aligns usage of CSP directives to user expectations
(e.g. using style-src for CSS)
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
None
Debuggability
None
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
No
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
-
https://wpt.fyi/results/fetch/api/request/destination/fetch-destination.https.html
-
https://wpt.fyi/results/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html
-
https://wpt.fyi/results/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html
-
https://wpt.fyi/results/content-security-policy/style-src/import-style-allowed.sub.html
-
https://wpt.fyi/results/content-security-policy/style-src/import-style-blocked.sub.html
Flag name on chrome://flags
None
Finch feature name
kFetchDestinationJsonCssModules
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1491336
Estimated milestones
No milestones specified
Anticipated spec changes
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4839834432831488
This intent message was generated by Chrome Platform Status
<https://chromestatus.com>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f2ce514c-9f0b-4431-8b45-1b2f5a86007d%40igalia.com.
