Re: [w3ctag/design-reviews] Design Review: Speculation Rules (Prefetch) (Issue #721) from Kevin McNee on 2023-03-01 (public-webapps-github@w3.org from March 2023)

From: Kevin McNee <notifications@github.com>
Date: Wed, 01 Mar 2023 12:32:08 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/721/1450807083@github.com>

> Are there risks authors or users should know about if the inverse of this was the case? ie. a strict policy by default is overridden by a lax explicit prefetch policy? (perhaps because of a misconfiguration, or because different people configure the server headers to those who author the pages?)

If a lax policy is specified in the rule and it's for a same-site prefetch, that's the policy we use. If it's cross-site however, a lax explicit policy would prevent the prefetch attempt due to the sufficiently-strict referrer policy requirement.

So the risk would be that authors cause their prefetch attempts to be ignored. For debuggability, in the chromium implementation, we surface when an attempt is ignored due to this requirement in DevTools.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/721#issuecomment-1450807083
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/721/1450807083@github.com>

Received on Wednesday, 1 March 2023 20:32:21 UTC