Re: [w3ctag/design-reviews] Migrating some high-entropy HTTP request headers to Client Hints. (#320) from Mike West on 2019-02-14 (public-webapps-github@w3.org from February 2019)

From: Mike West <notifications@github.com>
Date: Thu, 14 Feb 2019 00:41:12 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/320/463541252@github.com>

> I see the UA would not be informing about the language to HTTP end points.

Correct. This is documented in https://tools.ietf.org/html/draft-west-lang-client-hint-00#section-3.1.

> Is that a problem?

I don't think so. It means that language preferences will not be leaked over plaintext channels, reducing the opportunity for network attackers to build a profile of a given agent's behavior over time. Similarly, I'd like to limit the `navigator.language` and `navigator.languages` accessors (see 3 in https://github.com/WICG/lang-client-hint#a-proposal).

Do you think it's a problem?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/320#issuecomment-463541252

Received on Thursday, 14 February 2019 08:41:34 UTC