LGTM3 On Wednesday, November 12, 2025 at 11:06:13 AM UTC-5 Chris Harrelson wrote:
> LGTM2 > > On Wed, Nov 12, 2025 at 7:24 AM Daniel Bratell <[email protected]> > wrote: > >> LGTM1 >> >> /Daniel >> On 2025-11-06 16:21, Mike Taylor wrote: >> >> *Contact emails* >> [email protected] >> >> *Explainer* >> https://github.com/WICG/ua-client-hints/blob/main/README.md (probably >> more useful to look at the Summary & Motivation) >> >> *Specification* >> https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values >> >> *Summary* >> Adds support for a 'ch-ua-high-entropy-values' permissions policy that >> enables a top-level site to restrict which documents are able to collect >> high-entropy client hints via the >> navigator.userAgentData.getHighEntropyValues() JS API. Restricting >> collection of high-entropy hints over HTTP is already possible via existing >> per-client-hint permissions policies. >> >> *Blink component* >> Blink > Network > ClientHints >> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%20%3E%20Network%20%3E%20ClientHints%22> >> >> *Web Feature ID* >> ua-client-hints <https://webstatus.dev/features/ua-client-hints> >> >> *Motivation* >> Currently it's only possible to restrict third-party collection of >> high-entropy User-Agent Client Hints when they're requested over HTTP (via >> the various permissions policies associated with each Client Hint, i.e., >> https://wicg.github.io/client-hints-infrastructure/#policy-controlled-features). >> >> The permissions policy introduced in this change allows a first-party site >> to have more control over which third-parties are allowed to request >> high-entropy client hints via the getHighEntropyValues JS API, which could >> be deployed alongside the other permissions policies. >> >> *Initial public proposal* >> https://github.com/WICG/ua-client-hints/issues/151#issuecomment-783668130 >> >> *TAG review* >> N/A: UA-CH has already been reviewed by TAG, and this is a small, >> incremental addition to the API. >> >> *TAG review status* >> Not applicable >> >> *Risks* >> >> >> *Interoperability and Compatibility* >> *No information provided* >> >> *Gecko*: Neutral ( >> https://mozilla.github.io/standards-positions/#ua-client-hints) I >> haven't requested a new position for this small addition, since they don't >> support any of it, but they are neutral on the API itself. >> >> *WebKit*: No signal ( >> https://github.com/WebKit/standards-positions/issues/70#issuecomment-3488097085) >> No >> official position, as it's blocked on a position on Client Hints in >> general. But I have left a comment with a pointer to this feature. >> >> *Web developers*: No signals >> >> *Other signals*: >> >> *WebView application risks* >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> N/A >> >> >> *Debuggability* >> *No information provided* >> >> *Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)?* >> No >> >> *Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* >> Yes >> https://wpt.fyi/results/client-hints/permissions-policy?label=experimental&label=master&aligned >> >> >> >> *Flag name on about://flags* >> *No information provided* >> >> *Finch feature name* >> ClientHintUAHighEntropyValuesPermissionPolicy >> >> *Rollout plan* >> Will ship enabled for all users >> >> *Requires code in //chrome?* >> False >> >> *Tracking bug* >> https://issues.chromium.org/issues/385161047 >> >> *Launch bug* >> https://launch.corp.google.com/launch/4366844 >> >> *Estimated milestones* >> Shipping on desktop 144 >> Shipping on Android 144 >> Shipping on WebView 144 >> >> *Anticipated spec changes* >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> None >> >> *Link to entry on the Chrome Platform Status* >> https://chromestatus.com/feature/6176703867781120?gate=5312509740056576 >> >> *Links to previous Intent discussions* >> Intent to Prototype: >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d302cc34-870b-4978-a583-4918ee1631c0%40chromium.org >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b137562-7c7a-4946-98d8-6e239a20a949%40chromium.org >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b137562-7c7a-4946-98d8-6e239a20a949%40chromium.org?utm_medium=email&utm_source=footer> >> . >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/97279e8b-c0c7-4b3d-822d-614745d52faa%40gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/97279e8b-c0c7-4b3d-822d-614745d52faa%40gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c0333ba-7b9d-4501-a7b5-280800dd5834n%40chromium.org.
