How can we get a good grip on the web compatibility of this change? The
use counters are high, but as you point out, the number of sites that
actually depend on the legacy client hints is lower. The question is
just "how much lower?".
You listed a number of affected sites. Has anyone checked what happens
to those with the hints removed?
/Daniel
On 2022-03-07 16:56, Ari Chivukula wrote:
Fixing the subject prefix, apologies.
On Mon, Mar 7, 2022 at 7:54 AM Ari Chivukula <aric...@chromium.org> wrote:
Contact emails
aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org
Design Doc
https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit
Specification
https://wicg.github.io/client-hints-infrastructure/
Summary
One residue of the rapid Client Hints Infrastructure
<https://wicg.github.io/client-hints-infrastructure/> iteration is
the concept of a `legacy` client hint. It’s a set of 4 hints
(`dpr`, `width`, `viewport-width`, and `device-memory`) which have
a default allowlist of `self` (meaning that they are not sent to
third-party subresources unless delegated via Permissions Policy)
but behave as though they have a default allowlist of `*` (meaning
they are sent to third-party subresources as long as the
first-party page requests them) on Android.
This `legacy` client concept on Android will be removed and a
permissions policy will be required to delegate the 4 affected
hints. As of M100, Markup based Client Hint Delegation
<https://groups.google.com/a/chromium.org/g/blink-dev/c/JQ68cvYuiQU/m/bFjAWmy3AAAJ> is
now available to allow delegation via HTML instead of HTTP headers.
Blink component
Blink>Network>ClientHints
<https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3ENetwork%3EClientHints>
Motivation
We want to bring these 4 hints in line with the spec; fixing this
will increase privacy on Android by requiring explicit delegation
of these hints.
TAG review
N/A (this change brings Android behavior in line with the spec and
better preserves privacy)
Compatibility
Websites visited by Android devices that request the legacy
device-memory, dpr, width, and viewport-width would no longer have
these hints delegated by default to third-party subresources. This
would match the current behavior on desktop. Third-party
subresources which need these hints would need to get the
first-party that loads them to adopt HTTP
<https://w3c.github.io/webappsec-permissions-policy/#serialization> or
HTML
<https://docs.google.com/document/d/1U3P9yvaT1NXG_qRmY3Lp6Me7M5kTnd3QrBb1yFUVNNk/edit> delegation
of client hints. The design doc
<https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit> has
usage/top-site information, and outreach is underway to ensure
third-parties expecting this information are aware of the change.
The sites which require default third-party delegation of these
hints are likely much lower than the sites which incidentally do
so by default. As we encourage Client Hint adoption, we want to
ensure dependency doesn’t form on legacy, non-compliant behavior.
Interoperability
Gecko: Client Hints not yet implemented (considered non-harmful
<https://mozilla.github.io/standards-positions/#http-client-hints>)
WebKit: Client Hints not yet implemented
Web developers: No feedback yet
Debuggability
N/A
Is this feature fully tested by web-platform-tests?
New WPT will be added to ensure these hints are not delegated by
default.
Tracking bug
https://crbug.com/1227043
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5694492182052864
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DJdHT1P-Dg%3DgmbkmA3K-HuDhg%3D1a0tVfv9c9g6wBHGCVg%40mail.gmail.com.
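The delegation rule discussed in this thread, as an added example that is not part of the original messages or of Chromium's code: it models which of the 4 legacy hints reach a third-party subresource under the old Android default (`*`) and under the spec default (`self`), given the first party's `Accept-CH` and `Permissions-Policy` headers. The header values, the origin `https://img.cdn.example` and the function names are constructed for illustration; the `ch-` feature names follow the Client Hints Infrastructure spec.

```javascript
// Added example: a model of the delegation decision, not Chromium's code.
const LEGACY_HINTS = ["dpr", "width", "viewport-width", "device-memory"];

// Parse a Permissions-Policy header into { feature: [allowlist entries] }.
// Covers the common forms `*`, `self`, `(self "https://origin")` and `()`;
// it is not a full Structured Fields parser.
function parsePermissionsPolicy(header) {
  const policy = {};
  for (const directive of header.split(",")) {
    const eq = directive.indexOf("=");
    if (eq < 0) continue;
    const feature = directive.slice(0, eq).trim().toLowerCase();
    const value = directive.slice(eq + 1).trim().replace(/^\(|\)$/g, "");
    policy[feature] = value.split(/\s+/).filter(Boolean)
      .map((entry) => entry.replace(/"/g, ""));
  }
  return policy;
}

// Which legacy hints reach `thirdPartyOrigin`?
// legacyAndroid=true models the old Android default (`*`), false the spec default (`self`).
function hintsSentToThirdParty(acceptCH, permissionsPolicy, thirdPartyOrigin, legacyAndroid) {
  const requested = acceptCH.split(",")
    .map((t) => t.trim().toLowerCase().replace(/^sec-ch-/, ""));
  const policy = parsePermissionsPolicy(permissionsPolicy);
  return LEGACY_HINTS.filter((hint) => {
    if (!requested.includes(hint)) return false; // first party did not request it
    const allowlist = policy["ch-" + hint];
    if (allowlist === undefined) return legacyAndroid; // no explicit policy: default applies
    return allowlist.includes("*") || allowlist.includes(thirdPartyOrigin);
  });
}

// Constructed first-party response headers and third-party origin.
const ACCEPT_CH = "DPR, Width, Device-Memory";
const THIRD_PARTY = "https://img.cdn.example";
const DELEGATING_POLICY = 'ch-dpr=(self "https://img.cdn.example"), ch-width=*';

console.log("legacy Android, no policy:", hintsSentToThirdParty(ACCEPT_CH, "", THIRD_PARTY, true));
console.log("after removal, no policy: ", hintsSentToThirdParty(ACCEPT_CH, "", THIRD_PARTY, false));
console.log("after removal, delegated: ", hintsSentToThirdParty(ACCEPT_CH, DELEGATING_POLICY, THIRD_PARTY, false));
```

Running the same function over a site's real response headers shows which third-party origins would lose a hint once the default changes, which is the audit a first party needs before adding explicit delegation.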