Thank you Mike and Yoav,

Can I get a third LGTM to let me proceed to a 1% roll-out on stable?

Sincerely,
Peter Birk Pakkenberg
Software Engineer
pb...@chromium.org

On Fri, 7 Apr 2023 at 12:05, Yoav Weiss <yoavwe...@chromium.org> wrote:

> LGTM2
>
> It seems like there's no way for us to know who relies on this without
> trying the removal and finding out. Slow and careful rollout makes sense in
> that case.
>
> On Wed, Apr 5, 2023 at 8:58 PM Mike Taylor <miketa...@chromium.org> wrote:
>
>> Apologies Peter, this intent fell off the radar of our tooling.
>>
>> LGTM1 to proceed with the outlined plan. Thanks for creating a
>> deprecation trial and blogging about it.
>>
>> On 4/5/23 1:07 PM, Peter Birk Pakkenberg wrote:
>>
>> Hello blink-dev@
>>
>> Are there any objections or questions about starting the removal of this
>> header?
>>
>> If not, I would appreciate LGTMs to let me proceed with a 1% stable
>> roll-out in M112.
>>
>> Sincerely,
>> Peter Birk Pakkenberg
>> Software Engineer
>> pb...@chromium.org
>>
>> On Thu, 30 Mar 2023 at 16:17, Peter Birk Pakkenberg <pb...@chromium.org>
>> wrote:
>>
>>> Hello blink-dev@
>>>
>>> Are there any objections to start shipping this feature in M112?
>>>
>>> Sincerely,
>>> Peter Birk Pakkenberg
>>> Software Engineer
>>> pb...@chromium.org
>>>
>>> On Wed, 15 Mar 2023 at 14:24, Peter Birk Pakkenberg <pb...@chromium.org>
>>> wrote:
>>>
>>>> Hi Mike,
>>>>
>>>> We plan to keep the setRequestedWithHeaderOriginAllowList API for the
>>>> duration of the XRW origin trial, but have not made any decisions beyond
>>>> that at this point in either direction.
>>>>
>>>> Sincerely,
>>>> Peter Birk Pakkenberg
>>>> Software Engineer
>>>> pb...@chromium.org
>>>>
>>>> On Mon, 13 Mar 2023 at 14:41, Mike Taylor <miketa...@chromium.org>
>>>> wrote:
>>>>
>>>>> On 3/13/23 9:11 AM, Peter Birk Pakkenberg wrote:
>>>>>
>>>>> Contact emails
>>>>>
>>>>> pb...@chromium.org
>>>>>
>>>>> Explainer
>>>>>
>>>>> Android Developer Blog post
>>>>> <https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html>
>>>>>
>>>>> Summary
>>>>>
>>>>> Removes the default X-Requested-With header from HTTP requests made by
>>>>> WebView.
>>>>>
>>>>> The X-Requested-With header is set by WebView, with the package name
>>>>> of the embedding apk as the value.
>>>>>
>>>>> This use of the header will be discontinued.
>>>>>
>>>>> Developers who rely on this header can sign up for a deprecation
>>>>> origin trial
>>>>> <https://developer.chrome.com/origintrials/#/view_trial/1390486384950640641>
>>>>> to continue to receive the header during the deprecation period.
>>>>>
>>>>> The deprecation origin trial will be extended until replacement APIs
>>>>> are available to address use cases of the header, as explained in this
>>>>> Android Developer Blog post
>>>>> <https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html>.
>>>>>
>>>>> The roll-out of this removal will be slower than usual. See “Estimated
>>>>> milestones” below.
>>>>>
>>>>> Blink component
>>>>>
>>>>> Mobile>WebView
>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Mobile%3EWebView>
>>>>>
>>>>> Search tags
>>>>>
>>>>> Headers <https://chromestatus.com/features#tags:Headers>
>>>>>
>>>>> TAG review
>>>>>
>>>>> TAG review status
>>>>>
>>>>> Not applicable
>>>>>
>>>>> Risks
>>>>>
>>>>> Interoperability and Compatibility
>>>>>
>>>>> Gecko: N/A
>>>>>
>>>>> WebKit: N/A
>>>>>
>>>>> Web developers: No signals
>>>>>
>>>>> Other signals:
>>>>>
>>>>> WebView application risks
>>>>>
>>>>> Does this intent deprecate or change behavior of existing APIs, such
>>>>> that it has potentially high risk for Android WebView-based applications?
>>>>>
>>>>> This feature removes a header sent by default by WebView. It should
>>>>> have no direct impact on applications using WebViews, but sites loaded in
>>>>> the WebView will no longer receive the X-Requested-With header unless the
>>>>> app explicitly allowlists the site
>>>>> <https://developer.android.com/reference/androidx/webkit/WebSettingsCompat#setRequestedWithHeaderOriginAllowList(android.webkit.WebSettings,java.util.Set%3Cjava.lang.String%3E)>
>>>>> to receive the header or the site participates in the deprecation trial.
>>>>>
>>>>> Do you expect to deprecate setRequestedWithHeaderOriginAllowList at
>>>>> some future point?
>>>>>
>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>
>>>>> No
>>>>>
>>>>> WebView-only feature being deprecated
>>>>>
>>>>> Is this feature fully tested by web-platform-tests
>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>>>
>>>>> No - WebView is not covered by Web Platform Tests.
>>>>>
>>>>> Flag name
>>>>>
>>>>> WebViewXRequestedWithHeaderControl
>>>>>
>>>>> Requires code in //chrome?
>>>>>
>>>>> False
>>>>>
>>>>> Tracking bug
>>>>>
>>>>> https://crbug.com/960720
>>>>>
>>>>> Estimated milestones
>>>>>
>>>>> - Roll-out in M111 beta (up to 50%)
>>>>> - Roll-out in M112 stable (up to 1%)
>>>>> - Roll-out to M113 stable (up to 5%)
>>>>>
>>>>> Further roll-out to be assessed based on developer input and
>>>>> feedback, considering that people might need time to adopt the OT.
>>>>>
>>>>> While we have announced the change through public developer
>>>>> communications and direct outreach to several partners, receiving mostly
>>>>> positive or neutral feedback, we expect that negative impacts, if any,
>>>>> will be more visible at 1% and 5% of stable traffic. We may want to
>>>>> allow more time to adopt the deprecation trial before continuing to
>>>>> ramp up.
>>>>>
>>>>> This looks like a reasonable, conservative rollout plan, thanks.
>>>>>
>>>>> Link to entry on the Chrome Platform Status
>>>>>
>>>>> https://chromestatus.com/feature/5160086884843520
>>>>>
>>>>> Links to previous Intent discussions
>>>>>
>>>>> Intent to Deprecate:
>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/k9HL9muJPxs
>>>>>
>>>>> This intent message was generated by Chrome Platform Status
>>>>> <https://chromestatus.com/>.
>>>>>
>>>>> Sincerely,
>>>>> Peter Birk Pakkenberg
>>>>> Software Engineer
>>>>> pb...@chromium.org

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjuUBd_9qULnJyumjR7ye_DRQcv_oULzPJpx8TQ_aLWOWA%40mail.gmail.com.
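An added example, not part of the thread or of Chromium's code: a site operator can check ahead of the roll-out how much of their own traffic carries a WebView-set X-Requested-With value by classifying the header in request records. The package-name pattern is a heuristic (the header is client-supplied), and the sample requests and package names below are constructed.

```python
import re
from collections import Counter

# Heuristic for an Android application ID: two or more dot-separated
# segments, each starting with a letter.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

def classify_xrw(headers):
    """Classify one request's X-Requested-With value (header names are case-insensitive)."""
    value = next((v for k, v in headers.items() if k.lower() == "x-requested-with"), None)
    if value is None or not value.strip():
        return "absent", None
    value = value.strip()
    if value.lower() == "xmlhttprequest":
        # Set by page JavaScript (e.g. jQuery), not by WebView's default behaviour.
        return "xhr", None
    if PACKAGE_RE.match(value):
        return "webview_package", value
    return "other", value

def audit(requests):
    """Return (request count per package, set of paths per package)."""
    per_package = Counter()
    paths = {}
    for path, headers in requests:
        kind, value = classify_xrw(headers)
        if kind == "webview_package":
            per_package[value] += 1
            paths.setdefault(value, set()).add(path)
    return per_package, paths

# Constructed sample requests as (path, headers); package names are made up.
SAMPLE = [
    ("/login", {"X-Requested-With": "com.example.shop"}),
    ("/api/cart", {"x-requested-with": "XMLHttpRequest"}),
    ("/login", {"X-Requested-With": "com.example.shop"}),
    ("/news", {"User-Agent": "Mozilla/5.0"}),
    ("/embed", {"X-REQUESTED-WITH": "org.example.reader"}),
    ("/api/cart", {"X-Requested-With": "fetch"}),
]

if __name__ == "__main__":
    counts, paths = audit(SAMPLE)
    for pkg, n in counts.most_common():
        print(f"{pkg}: {n} request(s) on {sorted(paths[pkg])}")
```

Paths that show up in this report are the ones whose server-side logic will stop seeing a package name unless the embedding app allowlists the origin or the site joins the deprecation trial.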