Sorry if this is not the right place to ask but I'm curious what the status of this is? I'm on WebView 141 and it is still sending the X-Requested-With header.
On Wednesday, April 19, 2023 at 2:55:38 PM UTC-5 Chris Harrelson wrote: > LGTM3 > > On Wed, Apr 12, 2023 at 1:14 AM Peter Birk Pakkenberg <pb...@chromium.org> > wrote: > >> Thank you Mike and Yoav, >> >> Can I get a third LGTM to let me proceed to a 1% roll-out on stable? >> >> >> Sincerely, >> [image: Google Logo] >> Peter Birk Pakkenberg >> Software Engineer >> pb...@chromium.org >> >> >> On Fri, 7 Apr 2023 at 12:05, Yoav Weiss <yoav...@chromium.org> wrote: >> >>> LGTM2 >>> >>> It seems like there's no way for us to know who relies on this without >>> trying the removal and finding out. Slow and careful rollout makes sense in >>> that case. >>> >>> On Wed, Apr 5, 2023 at 8:58 PM Mike Taylor <mike...@chromium.org> wrote: >>> >>>> Apologies Peter, this intent fell off the radar of our tooling. >>>> >>>> LGTM1 to proceed with the outlined plan. Thanks for creating a >>>> deprecation trial and blogging about it. >>>> On 4/5/23 1:07 PM, Peter Birk Pakkenberg wrote: >>>> >>>> Hello blink-dev@ >>>> >>>> Are there any objections or questions about starting the removal of >>>> this header? >>>> >>>> If not, I would appreciate LGTM's to let me proceed with a 1% stable >>>> roll-out in M112. >>>> >>>> Sincerely, >>>> [image: Google Logo] >>>> Peter Birk Pakkenberg >>>> Software Engineer >>>> pb...@chromium.org >>>> >>>> >>>> On Thu, 30 Mar 2023 at 16:17, Peter Birk Pakkenberg <pb...@chromium.org> >>>> wrote: >>>> >>>>> Hello blink-dev@ >>>>> >>>>> Are there any objections to start shipping this feature in M112? >>>>> >>>>> Sincerely, >>>>> [image: Google Logo] >>>>> Peter Birk Pakkenberg >>>>> Software Engineer >>>>> pb...@chromium.org >>>>> >>>>> >>>>> On Wed, 15 Mar 2023 at 14:24, Peter Birk Pakkenberg < >>>>> pb...@chromium.org> wrote: >>>>> >>>>>> Hi Mike, >>>>>> >>>>>> We plan to keep the setRequestedWithHeaderOriginAllowList API for the >>>>>> duration of the XRW origin trial, but have not made any decisions beyond >>>>>> that at this point in either direction. >>>>>> >>>>>> Sincerely, >>>>>> [image: Google Logo] >>>>>> Peter Birk Pakkenberg >>>>>> Software Engineer >>>>>> pb...@chromium.org >>>>>> >>>>>> >>>>>> On Mon, 13 Mar 2023 at 14:41, Mike Taylor <mike...@chromium.org> >>>>>> wrote: >>>>>> >>>>>>> On 3/13/23 9:11 AM, Peter Birk Pakkenberg wrote: >>>>>>> >>>>>>> Contact emails >>>>>>> >>>>>>> pb...@chromium.org >>>>>>> >>>>>>> Explainer >>>>>>> >>>>>>> Android Developer Blog post >>>>>>> <https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html> >>>>>>> >>>>>>> Summary >>>>>>> >>>>>>> Removes the default X-Requested-With header from HTTP requests made >>>>>>> by WebView. >>>>>>> >>>>>>> The X-Requested-With header is set by WebView, with the package name >>>>>>> of the embedding apk as the value. >>>>>>> >>>>>>> This use of the header will be discontinued. >>>>>>> >>>>>>> Developers who rely on this header can sign up for a deprecation >>>>>>> origin trial >>>>>>> <https://developer.chrome.com/origintrials/#/view_trial/1390486384950640641> >>>>>>> >>>>>>> to continue to receive the header during the deprecation period. >>>>>>> >>>>>>> The deprecation origin trial will be extended until replacement APIs >>>>>>> are available to address use cases of the header, as explained in this >>>>>>> Android >>>>>>> Developer Blog post >>>>>>> <https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html> >>>>>>> . >>>>>>> >>>>>>> The roll-out of this removal will be slower than usual. See >>>>>>> “Estimated milestones” below. >>>>>>> >>>>>>> Blink component >>>>>>> >>>>>>> Mobile>WebView >>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Mobile%3EWebView> >>>>>>> >>>>>>> Search tags >>>>>>> >>>>>>> Headers <https://chromestatus.com/features#tags:Headers> >>>>>>> >>>>>>> TAG review >>>>>>> >>>>>>> TAG review status >>>>>>> >>>>>>> Not applicable >>>>>>> >>>>>>> Risks >>>>>>> >>>>>>> Interoperability and Compatibility >>>>>>> >>>>>>> Gecko: N/A >>>>>>> >>>>>>> WebKit: N/A >>>>>>> >>>>>>> Web developers: No signals >>>>>>> >>>>>>> Other signals: >>>>>>> >>>>>>> WebView application risks >>>>>>> >>>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>>> that it has potentially high risk for Android WebView-based >>>>>>> applications? >>>>>>> >>>>>>> This feature removes a header sent by default by WebView. It should >>>>>>> have no direct impact on applications using WebViews, but sites loaded >>>>>>> in >>>>>>> the WebView will no longer receive the X-Requested-With header unless >>>>>>> the >>>>>>> app explicitly allowlist the site >>>>>>> <https://developer.android.com/reference/androidx/webkit/WebSettingsCompat#setRequestedWithHeaderOriginAllowList(android.webkit.WebSettings,java.util.Set%3Cjava.lang.String%3E)> >>>>>>> >>>>>>> to receive the header or the site participates in the deprecation trial. >>>>>>> >>>>>>> Do you expect to deprecate setRequestedWithHeaderOriginAllowList at >>>>>>> some future point? >>>>>>> >>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>>>> >>>>>>> No >>>>>>> >>>>>>> WebView-only feature being deprecated >>>>>>> >>>>>>> >>>>>>> Is this feature fully tested by web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>> ? >>>>>>> >>>>>>> No - WebView is not covered by Web Platform Tests. >>>>>>> >>>>>>> Flag name >>>>>>> >>>>>>> WebViewXRequestedWithHeaderControl >>>>>>> >>>>>>> Requires code in //chrome? >>>>>>> >>>>>>> False >>>>>>> >>>>>>> Tracking bug >>>>>>> >>>>>>> https://crbug.com/960720 >>>>>>> >>>>>>> Estimated milestones >>>>>>> >>>>>>> - >>>>>>> >>>>>>> Roll-out in M111 beta (up to 50%) >>>>>>> - >>>>>>> >>>>>>> Roll-out in M112 stable (up to 1%) >>>>>>> - >>>>>>> >>>>>>> Roll-out to M113 stable (up to 5%) >>>>>>> >>>>>>> Further roll-out to be assessed based on developer input and >>>>>>> feedback, considering that people might need time to adopt the OT. >>>>>>> >>>>>>> While we have announced the change through public developer >>>>>>> communications and direct outreach to several partners, receiving >>>>>>> mostly >>>>>>> positive or neutral feedback, we expect that negative impacts, if any, >>>>>>> will >>>>>>> be more visible at 1% and 5% of stable traffic. We may want to allow >>>>>>> more >>>>>>> time to adopt the deprecation trial before continuing to ramp up. >>>>>>> >>>>>>> This looks like a reasonable, conservative rollout plan, thanks. >>>>>>> >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> >>>>>>> https://chromestatus.com/feature/5160086884843520 >>>>>>> >>>>>>> Links to previous Intent discussions >>>>>>> >>>>>>> Intent to Deprecate: >>>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/k9HL9muJPxs >>>>>>> >>>>>>> >>>>>>> This intent message was generated by Chrome Platform Status >>>>>>> <https://chromestatus.com/>. >>>>>>> >>>>>>> >>>>>>> Sincerely, >>>>>>> [image: Google Logo] >>>>>>> Peter Birk Pakkenberg >>>>>>> Software Engineer >>>>>>> pb...@chromium.org >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjtyf389m7ywT7042GXBzVCz4z6Pmn9UCNztMA23ewTZqw%40mail.gmail.com >>>>>>> >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjtyf389m7ywT7042GXBzVCz4z6Pmn9UCNztMA23ewTZqw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63373d78-6db4-e974-2451-24fad35903da%40chromium.org >>>> >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63373d78-6db4-e974-2451-24fad35903da%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+...@chromium.org. >> > To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjuUBd_9qULnJyumjR7ye_DRQcv_oULzPJpx8TQ_aLWOWA%40mail.gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjuUBd_9qULnJyumjR7ye_DRQcv_oULzPJpx8TQ_aLWOWA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/276d7f6a-1af3-4d83-bdb6-59d446c8685dn%40chromium.org.
