- From: Andrew Betts <notifications@github.com>
- Date: Tue, 12 Dec 2017 16:32:51 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 13 December 2017 00:33:16 UTC
Also @igrigorik, sorry to harp on about it and you may have considered it a poor point but I don't think I saw a response to the suggestion that using `Accept` as a response header is very hard for developers to reason about. Fundamentally the request-response model of the web is built on the idea that each transaction is relatively stateless, and I'm uneasy about the recent trend to bend those rules with stuff like Clear-Site-Data or HSTS which apply to the entire origin or affect subsequent requests. Origin policy seems like the answer to this concern, and it seems at the very least a shame to ship `Accept-CH` in the meantime. You're going to have a lot of developers wanting to use CH, because they're great and they address a lot of performance concerns that we tell people to worry about, but imho this isn't a low level primitive that we expect a small number of exceptionally clever people to build a user-friendly library on top of. So I think of the average developer and I'd like them to find CH simple to understand and use. I see Accept-CH as a bit of a curveball. But my only suggestion is to wait for origin policy, or to not require the opt-in in the first place, which brings us to Alex's points above. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/206#issuecomment-351241848
Received on Wednesday, 13 December 2017 00:33:16 UTC