LGTM2 On Wed, Nov 12, 2025 at 7:24 AM Daniel Bratell <[email protected]> wrote:
> LGTM1 > > /Daniel > On 2025-11-06 16:21, Mike Taylor wrote: > > *Contact emails* > [email protected] > > *Explainer* > https://github.com/WICG/ua-client-hints/blob/main/README.md (probably > more useful to look at the Summary & Motivation) > > *Specification* > https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values > > *Summary* > Adds support for a 'ch-ua-high-entropy-values' permissions policy that > enables a top-level site to restrict which documents are able to collect > high-entropy client hints via the > navigator.userAgentData.getHighEntropyValues() JS API. Restricting > collection of high-entropy hints over HTTP is already possible via existing > per-client-hint permissions policies. > > *Blink component* > Blink > Network > ClientHints > <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%20%3E%20Network%20%3E%20ClientHints%22> > > *Web Feature ID* > ua-client-hints <https://webstatus.dev/features/ua-client-hints> > > *Motivation* > Currently it's only possible to restrict third-party collection of > high-entropy User-Agent Client Hints when they're requested over HTTP (via > the various permissions policies associated with each Client Hint, i.e., > https://wicg.github.io/client-hints-infrastructure/#policy-controlled-features). > The permissions policy introduced in this change allows a first-party site > to have more control over which third-parties are allowed to request > high-entropy client hints via the getHighEntropyValues JS API, which could > be deployed alongside the other permissions policies. > > *Initial public proposal* > https://github.com/WICG/ua-client-hints/issues/151#issuecomment-783668130 > > *TAG review* > N/A: UA-CH has already been reviewed by TAG, and this is a small, > incremental addition to the API. > > *TAG review status* > Not applicable > > *Risks* > > > *Interoperability and Compatibility* > *No information provided* > > *Gecko*: Neutral ( > https://mozilla.github.io/standards-positions/#ua-client-hints) I haven't > requested a new position for this small addition, since they don't support > any of it, but they are neutral on the API itself. > > *WebKit*: No signal ( > https://github.com/WebKit/standards-positions/issues/70#issuecomment-3488097085) > No > official position, as it's blocked on a position on Client Hints in > general. But I have left a comment with a pointer to this feature. > > *Web developers*: No signals > > *Other signals*: > > *WebView application risks* > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > N/A > > > *Debuggability* > *No information provided* > > *Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)?* > No > > *Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* > Yes > https://wpt.fyi/results/client-hints/permissions-policy?label=experimental&label=master&aligned > > > > *Flag name on about://flags* > *No information provided* > > *Finch feature name* > ClientHintUAHighEntropyValuesPermissionPolicy > > *Rollout plan* > Will ship enabled for all users > > *Requires code in //chrome?* > False > > *Tracking bug* > https://issues.chromium.org/issues/385161047 > > *Launch bug* > https://launch.corp.google.com/launch/4366844 > > *Estimated milestones* > Shipping on desktop 144 > Shipping on Android 144 > Shipping on WebView 144 > > *Anticipated spec changes* > > Open questions about a feature may be a source of future web compat or > interop issues. Please list open issues (e.g. links to known github issues > in the project for the feature specification) whose resolution may > introduce web compat/interop risk (e.g., changing to naming or structure of > the API in a non-backward-compatible way). > None > > *Link to entry on the Chrome Platform Status* > https://chromestatus.com/feature/6176703867781120?gate=5312509740056576 > > *Links to previous Intent discussions* > Intent to Prototype: > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d302cc34-870b-4978-a583-4918ee1631c0%40chromium.org > > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b137562-7c7a-4946-98d8-6e239a20a949%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b137562-7c7a-4946-98d8-6e239a20a949%40chromium.org?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/97279e8b-c0c7-4b3d-822d-614745d52faa%40gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/97279e8b-c0c7-4b3d-822d-614745d52faa%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw8OM%2BT-QRhhmqWkRKK0BBWLyzzRxhHg%3DPZ8TEP4qturSQ%40mail.gmail.com.
