- From: Ilya Grigorik <igrigorik@google.com>
- Date: Mon, 12 Jan 2015 12:52:17 -0800
- To: public-web-perf <public-web-perf@w3.org>
- Cc: Domenic Denicola <domenic@google.com>
Received on Monday, 12 January 2015 20:53:25 UTC
We identified a number of issues with the current NEL draft at TPAC: 1) JS-based registration can be easily hijacked 2) Ability to aggregate multiple errors into a single report 3) Desire for more extensive error coverage and better delivery model ... more: https://github.com/w3c/navigation-error-logging/issues In attempt to address all of the above, I have a new draft proposal which is based on our experience with Domain Reliability [1], and also reuses a lot of the concepts from CSP and HSTS: https://cdn.rawgit.com/w3c/navigation-error-logging/new/index.html - HSTS~like header based registration - CSP~like error reporting for failed navigations -- JS interface is removed entirely for security and privacy reasons, same as CSP - Domain Reliability~like error types and report structure and delivery In short, it *is* a significant departure from the current draft, but I do believe that it addresses all the major open issues and provides a consistent interface to similar APIs (e.g. CSP). Would love to hear any thoughts or feedback! ig [1] https://docs.google.com/a/chromium.org/document/d/14U0YA4dlzNYciq2ke0StEMjomdBUN6ocSt1kN03HJ0s/edit?pli=1#
Received on Monday, 12 January 2015 20:53:25 UTC