- From: Ilya Grigorik <notifications@github.com>
- Date: Thu, 17 May 2018 03:24:13 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/726@github.com>
Consolidating the tasks into a meta bug, so we can track progress.. ### Update list of hints - [ ] Add `RTT`, `ECT`, `Downlink`, and `Device-Memory` headers to the [CORS-safelisted list](https://fetch.spec.whatwg.org/#cors-safelisted-request-header), [Client Hints list](https://fetch.spec.whatwg.org/#client-hints-list), and [processing (step 6)](https://fetch.spec.whatwg.org/#fetching). ### Integrate `Accept-CH-Lifetime` / opt-in logic - [ ] Add a step after step 10 in [Main Fetch](https://fetch.spec.whatwg.org/#main-fetch), which reads `Accept-CH-Lifetime` and adds it to some CH-opt-in cache - [ ] Add definition of said cache - [ ] Change steps 6-7 in [Fetching](https://fetch.spec.whatwg.org/#fetching) to take `Accept-CH` and/or CH-opt-in cache into consideration. - [ ] Limit above steps to secure origins - [ ] Limit above steps to same-origin - unless the origin is on some list of allowed origins - [ ] Update HTML spec to support `<meta http-equiv>` opt-in - [ ] Add WPT tests for opt-in logic ### Integrate Feature-Policy + Client Hints hooks - [ ] Hook up Feature Policy and https://github.com/WICG/feature-policy/issues/129 to said list of allowed origins - [ ] Add WPT tests for FP opt-in @tarunban @yoavweiss @annevk anything missing? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/726
Received on Thursday, 17 May 2018 10:24:35 UTC