Apologies Peter, this intent fell off the radar of our tooling.
LGTM1 to proceed with the outlined plan. Thanks for creating a
deprecation trial and blogging about it.
On 4/5/23 1:07 PM, Peter Birk Pakkenberg wrote:
Hello blink-dev@
Are there any objections or questions about starting the removal of
this header?
If not, I would appreciate LGTM's to let me proceed with a 1% stable
roll-out in M112.
Sincerely,
Google Logo
Peter Birk Pakkenberg
Software Engineer
pb...@chromium.org
On Thu, 30 Mar 2023 at 16:17, Peter Birk Pakkenberg
<pb...@chromium.org> wrote:
Hello blink-dev@
Are there any objections to start shipping this feature in M112?
Sincerely,
Google Logo
Peter Birk Pakkenberg
Software Engineer
pb...@chromium.org
On Wed, 15 Mar 2023 at 14:24, Peter Birk Pakkenberg
<pb...@chromium.org> wrote:
Hi Mike,
We plan to keep the setRequestedWithHeaderOriginAllowList API
for the duration of the XRW origin trial, but have not made
any decisions beyond that at this point in either direction.
Sincerely,
Google Logo
Peter Birk Pakkenberg
Software Engineer
pb...@chromium.org
On Mon, 13 Mar 2023 at 14:41, Mike Taylor
<miketa...@chromium.org> wrote:
On 3/13/23 9:11 AM, Peter Birk Pakkenberg wrote:
Contact emails
pb...@chromium.org
Explainer
Android Developer Blog post
<https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html>
Summary
Removes the default X-Requested-With header from HTTP
requests made by WebView.
The X-Requested-With header is set by WebView, with the
package name of the embedding apk as the value.
This use of the header will be discontinued.
Developers who rely on this header can sign up for a
deprecation origin trial
<https://developer.chrome.com/origintrials/#/view_trial/1390486384950640641>to
continue to receive the header during the deprecation
period.
The deprecation origin trial will be extended until
replacement APIs are available to address use cases of
the header, as explained in this Android Developer Blog
post
<https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html>.
The roll-out of this removal will be slower than usual.
See “Estimated milestones” below.
Blink component
Mobile>WebView
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Mobile%3EWebView>
Search tags
Headers <https://chromestatus.com/features#tags:Headers>
TAG review
TAG review status
Not applicable
Risks
Interoperability and Compatibility
Gecko: N/A
WebKit: N/A
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing
APIs, such that it has potentially high risk for Android
WebView-based applications?
This feature removes a header sent by default by WebView.
It should have no direct impact on applications using
WebViews, but sites loaded in the WebView will no longer
receive the X-Requested-With header unless the app
explicitly allowlist the site
<https://developer.android.com/reference/androidx/webkit/WebSettingsCompat#setRequestedWithHeaderOriginAllowList(android.webkit.WebSettings,java.util.Set%3Cjava.lang.String%3E)>to
receive the header or the site participates in the
deprecation trial.
Do you expect to deprecate
setRequestedWithHeaderOriginAllowList at some future point?
Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, Chrome OS,
Android, and Android WebView)?
No
WebView-only feature being deprecated
Is this feature fully tested by
web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No - WebView is not covered by Web Platform Tests.
Flag name
WebViewXRequestedWithHeaderControl
Requires code in //chrome?
False
Tracking bug
https://crbug.com/960720 <https://crbug.com/960720>
Estimated milestones
*
Roll-out in M111 beta (up to 50%)
*
Roll-out in M112 stable (up to 1%)
*
Roll-out to M113 stable (up to 5%)
Further roll-out to be assessed based on developer input
and feedback, considering that people might need time to
adopt the OT.
While we have announced the change through public
developer communications and direct outreach to several
partners, receiving mostly positive or neutral feedback,
we expect that negative impacts, if any, will be more
visible at 1% and 5% of stable traffic. We may want to
allow more time to adopt the deprecation trial before
continuing to ramp up.
This looks like a reasonable, conservative rollout plan,
thanks.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5160086884843520
<https://chromestatus.com/feature/5160086884843520>
Links to previous Intent discussions
Intent to Deprecate:
https://groups.google.com/a/chromium.org/g/blink-dev/c/k9HL9muJPxs
<https://groups.google.com/a/chromium.org/g/blink-dev/c/k9HL9muJPxs>
This intent message was generated by Chrome Platform
Status <https://chromestatus.com/>.
Sincerely,
Google Logo
Peter Birk Pakkenberg
Software Engineer
pb...@chromium.org
--
You received this message because you are subscribed to
the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjtyf389m7ywT7042GXBzVCz4z6Pmn9UCNztMA23ewTZqw%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjtyf389m7ywT7042GXBzVCz4z6Pmn9UCNztMA23ewTZqw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63373d78-6db4-e974-2451-24fad35903da%40chromium.org.
