Hello, For those looking for the spec diff relative to this change, you can find it in the HTML and Fetch PRs that introduced it: https://github.com/whatwg/html/pull/9486, https://github.com/whatwg/fetch/pull/1691
--- Nicolò Ribaudo On Monday, January 8, 2024 at 2:20:43 PM UTC+1 Nicolò Ribaudo wrote: > Contact emails nrib...@igalia.com > > Explainer None > > Specification https://html.spec.whatwg.org/#fetch-a-single-module-script > > Summary > > CSS and JSON modules will be fetched using a specific fetch destination > (either "css" or "json") rather than a generic "script", that is normally > used for JavaScript modules. This has the following effects: - the `Accept` > HTTP header in the request will describe the expected mime type > (`text/css,*/*;q=0.1` or `application/json,*/*;q=0.5`) - those modules will > respect the style-src or connect-src Content Security Policies, rather than > using JavaScript's script-src - When inspecting the request's destination > (either through a service worker or through the `Sec-Fetch-Destination` > HTTP header) it will be reported as `"css"` or `"json"`, rather than empty. > > > Blink component Blink>HTML>Modules > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EHTML%3EModules> > > > Search tags CSS modules > <https://chromestatus.com/features#tags:CSS%20modules>, JSON modules > <https://chromestatus.com/features#tags:JSON%20modules>, imports > <https://chromestatus.com/features#tags:imports>, CSP > <https://chromestatus.com/features#tags:CSP>, fetch destination > <https://chromestatus.com/features#tags:fetch%20destination> > > TAG review None > > TAG review status Not applicable > > Risks > > > Interoperability and Compatibility > > None > > > *Gecko*: No signal > > *WebKit*: Positive ( > https://github.com/WebKit/standards-positions/issues/128) Webkit was > supportive of the import attributes proposal conditional on these changes > to how JSON/CSS modules are fetched > > *Web developers*: No signals > > *Other signals*: > > Security > > This feature better aligns usage of CSP directives to user expectations > (e.g. using style-src for CSS) > > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > None > > > Debuggability > > None > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)? No > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? Yes > > - > https://wpt.fyi/results/fetch/api/request/destination/fetch-destination.https.html > > - > https://wpt.fyi/results/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html > > - > https://wpt.fyi/results/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html > > - > https://wpt.fyi/results/content-security-policy/style-src/import-style-allowed.sub.html > > - > https://wpt.fyi/results/content-security-policy/style-src/import-style-blocked.sub.html > > > Flag name on chrome://flags None > > Finch feature name kFetchDestinationJsonCssModules > > Requires code in //chrome? False > > Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1491336 > > Estimated milestones > > No milestones specified > > > Anticipated spec changes None > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/4839834432831488 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com>. > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7cace640-5baf-4325-9902-ed5472cb6be0n%40chromium.org.