[w3ctag/design-reviews] early design review: bfcache/prerendering eviction APIs (Issue #786)

Wotcher TAG!

I'm requesting a TAG review of to invalidate documents in BFCache or prerendering when cookies or storage keys change.

We propose to add an API that allows a document to declare that it must be invalidated (evicted from BFCache or prerendering cancelled) if certain cookies or storage keys change while it is in inactive.

For example, the following JS snippet will cause any documents from this document’s origin which are currently inactive to be invalidated if the ‘SID’ cookie changes,

```
inactiveDocumentController.invalidationSignals.cookies = ['SID'];
```

Similarly, the following JS snippet will cause any documents from this document’s origin which are currently inactive to be invalidated if the value of the key ‘authToken’ in session storage changes,

```
inactiveDocumentController.invalidationSignals.sessionStorage = ['authToken'];
```

  - Explainer¹ (minimally containing user needs and example code): https://github.com/fergald/explainer-bfcache-ccns/blob/main/api.md

  - Security and Privacy self-review²: https://github.com/fergald/explainer-bfcache-ccns/blob/main/api.md#tag-security-and-privacy-questionnaire

  - GitHub repo (if you prefer feedback filed there): https://github.com/fergald/explainer-bfcache-ccns

  - Primary contacts (and their relationship to the specification):
      - Primary contacts (and their relationship to the specification):
Fergal Daly (fergald), Google - designing/specifying/implementing in Chrome
  - Organization/project driving the design: Google (BFCache team)
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5197945132023808


Further details:

  - [Yes ] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): WICG
  - The group where standardization of this work is intended to be done ("unknown" if not known): WHATWG
  - Existing major pieces of multi-stakeholder review or discussion of this design:
     - https://github.com/whatwg/html/issues/7189

     - https://github.com/whatwg/html/issues/5744

     - https://github.com/whatwg/html/issues/5879

     - https://docs.google.com/document/d/1YZvkd0nMk0VlaikLCcBtzX0CCUo9lLxoOUtEPbK2IYk/edit#heading=h.1pnql7664imc (2nd half)
  - Major unresolved issues with or opposition to this design: None
  - This work is being funded by: Google

You should also know that...

This the first step of a [plan to allow pages with `Cache-Control: no-store` into BFCache](https://github.com/fergald/explainer-bfcache-ccns).

We'd prefer the TAG provide feedback as (please delete all but the desired option):


  ☂️ open a single issue in our GitHub repo **for the entire review**

¹ For background, see our [explanation of how to write a good explainer](https://tag.w3.org/explainers/). We recommend the explainer to be in [Markdown](https://github.github.com/gfm/).

² Even for early-stage ideas, a Security and Privacy questionnaire helps us understand potential security and privacy issues and mitigations for your design, and can save us asking redundant questions. See https://www.w3.org/TR/security-privacy-questionnaire/.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/786

You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/786@github.com>

Received on Friday, 18 November 2022 07:44:07 UTC