- From: Ilya Grigorik <igrigorik@gmail.com>
- Date: Tue, 7 Nov 2017 18:15:42 -0800
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Message-ID: <CAKRe7JExAoTQg3GeQOMbK+zprECU0V5GpbBdjwEgoN0FLbzQ3w@mail.gmail.com>
Hey folks.
Unfortunately won't be able to attend the meeting in Singapore. A quick
summary of recent updates on Client Hints:
- We added Accept-CH-Lifetime
<https://github.com/httpwg/http-extensions/issues/372> to allow origins
to persist their hint preferences:
- ACL should address one of the primary limitations we heard from
implementers: they need hints to be available on navigation requests, not
just subrequests.
- Accept-CH-Lifetime preference is bound to the origin
- e.g. 3P's pref on foo.com is bound to foo.com
- We restricted *both* Accept-CH and Accept-CH-Lifetime opt-in to
secure transports
- Effectively, CH is now HTTPS-only.
- Above updates also resulted in substantial rewrite of the security
considerations
<http://httpwg.org/http-extensions/client-hints.html#security-considerations>
section.
- Kudos to Martin for lots of help on this one.
Also, lots of other smaller (editorial) updates — see #373
<https://github.com/httpwg/http-extensions/pull/373> for full details.
PTAL and would appreciate any feedback.
ig
*p.s. I'll be offline until early Dec, apologies upfront for tardy replies.*
Received on Wednesday, 8 November 2017 02:16:47 UTC