Re: [w3ctag/design-reviews] Migrating some high-entropy HTTP request headers to Client Hints. (#320) from Mike West on 2018-11-05 (public-webapps-github@w3.org from November 2018)

From: Mike West <notifications@github.com>
Date: Mon, 05 Nov 2018 05:32:24 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/320/435874298@github.com>

@annevk: Good question. I'm blindly assuming that whatever the Client Hints folks work out for CORS will make sense for these headers too. I kinda haven't been following along with that conversation... :( Perhaps @yoavweiss has?

I recall that you and I discussed something along these lines for the CSP:EE work, and you suggesting that the `Sec-` prefix somewhat mitigated your concerns, though not entirely. I wonder if something like `Sec-CH-` would be a reasonable pattern to adopt for hints generally... Hrm.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/320#issuecomment-435874298

Received on Monday, 5 November 2018 13:32:46 UTC