Re: [whatwg/fetch] Client hints difference between navigation and subresources (#707) from Yoav Weiss on 2018-04-24 (public-webapps-github@w3.org from April 2018)

From: Yoav Weiss <notifications@github.com>
Date: Tue, 24 Apr 2018 09:58:05 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/707/383874881@github.com>

Taking a cautious peek at that, it seems like that work would comprise of:
* Adding a step after step 10 in [Main Fetch](https://fetch.spec.whatwg.org/#main-fetch), which reads `Accept-CH-Lifetime` and adds it to some CH-opt-in cache
* Add definition of said cache
* Change steps 6-7 in [Fetching](https://fetch.spec.whatwg.org/#fetching) to take `Accept-CH` and/or CH-opt-in cache into consideration.
* Limit above steps to secure origins
* Limit above steps to same-origin - unless the origin is on some list of allowed origins
* Hook up FeaturePolicy and https://github.com/WICG/feature-policy/issues/129 to said list of allowed origins.
* Add all the new hints to [Client Hints list](https://fetch.spec.whatwg.org/#client-hints-list) and to the [cors-safelisted request headers](https://fetch.spec.whatwg.org/#cors-safelisted-request-header).

@annevk - does that sound about right?


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/707#issuecomment-383874881

Received on Tuesday, 24 April 2018 09:58:31 UTC