Re: [whatwg/fetch] Add Accept-CH-lifetime cache and CH header handling (#729) from Ilya Grigorik on 2018-05-22 (public-webapps-github@w3.org from May 2018)

From: Ilya Grigorik <notifications@github.com>
Date: Tue, 22 May 2018 09:54:09 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/729/review/122259210@github.com>

igrigorik commented on this pull request.



> @@ -1758,6 +1757,46 @@ of which is one of `<code>DPR</code>`, `<code>Save-Data</code>`, `<code>Viewport
 `<code>Width</code>`.
 
 
+<h3 id=accept-ch-cache>Accept-CH cache</h3>
+
+<p>An <dfn id=concept-accept-ch-cache>Accept-CH cache</dfn> is owned by the user agent and consists
+ of a collection of entries where each entry has these fields:
+
+<ul class=brief>
+ <li><dfn id=concept-accept-ch-cache-origin for=accept-ch-cache>origin</dfn> (an <a for=/>origin</a>)
+ <li><dfn id=concept-accept-ch-cache-max-age for=accept-ch-cache>max-age</dfn> (a number of seconds)
+ <li><dfn id=concept-accept-ch-cache-client-hints-list for=accept-ch-cache>client-hints list</dfn>
+</ul>
+
+<p>Entries must be removed after the seconds specified in the

Do we need any extra clauses to ensure that this cache is purged when user clears site-data or similar?

> @@ -2897,6 +2936,19 @@ with a <i>CORS flag</i> and <i>recursive flag</i>, run these steps:
  <li><p><a href=https://w3c.github.io/webappsec-csp/#set-response-csp-list>Set <var>internalResponse</var>'s CSP list</a>.
  [[!CSP]]
 
+ <li><p>If <var>response</var>'s
+ <a href=http://httpwg.org/http-extensions/client-hints.html#accept-ch>Accept-CH header</a>
+ is present, process the header and add its client-hints tokens to the <a>active document</a>'s

Restrict to HTTPS only?

> @@ -2897,6 +2936,19 @@ with a <i>CORS flag</i> and <i>recursive flag</i>, run these steps:
  <li><p><a href=https://w3c.github.io/webappsec-csp/#set-response-csp-list>Set <var>internalResponse</var>'s CSP list</a>.
  [[!CSP]]
 
+ <li><p>If <var>response</var>'s
+ <a href=http://httpwg.org/http-extensions/client-hints.html#accept-ch>Accept-CH header</a>
+ is present, process the header and add its client-hints tokens to the <a>active document</a>'s
+ client-hints list.
+
+ <!--TODO: define the active document's client hints list -->
+
+ <li><p>If <var>response</var>'s
+ <a href=http://httpwg.org/http-extensions/client-hints.html#accept-ch-lifetime>Accept-CH-Lifetime header</a>
+ is present, call 
+ <a for=accept-ch-cache>create a new entry</a> with <var>response</var>'s <var>origin</var>, the

Ditto, https-only?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/729#pullrequestreview-122259210

Received on Tuesday, 22 May 2018 16:54:32 UTC