LGTM3 On Wed, Apr 12, 2023 at 1:14 AM Peter Birk Pakkenberg <pb...@chromium.org> wrote:
> Thank you Mike and Yoav, > > Can I get a third LGTM to let me proceed to a 1% roll-out on stable? > > > Sincerely, > [image: Google Logo] > Peter Birk Pakkenberg > Software Engineer > pb...@chromium.org > > > On Fri, 7 Apr 2023 at 12:05, Yoav Weiss <yoavwe...@chromium.org> wrote: > >> LGTM2 >> >> It seems like there's no way for us to know who relies on this without >> trying the removal and finding out. Slow and careful rollout makes sense in >> that case. >> >> On Wed, Apr 5, 2023 at 8:58 PM Mike Taylor <miketa...@chromium.org> >> wrote: >> >>> Apologies Peter, this intent fell off the radar of our tooling. >>> >>> LGTM1 to proceed with the outlined plan. Thanks for creating a >>> deprecation trial and blogging about it. >>> On 4/5/23 1:07 PM, Peter Birk Pakkenberg wrote: >>> >>> Hello blink-dev@ >>> >>> Are there any objections or questions about starting the removal of this >>> header? >>> >>> If not, I would appreciate LGTM's to let me proceed with a 1% stable >>> roll-out in M112. >>> >>> Sincerely, >>> [image: Google Logo] >>> Peter Birk Pakkenberg >>> Software Engineer >>> pb...@chromium.org >>> >>> >>> On Thu, 30 Mar 2023 at 16:17, Peter Birk Pakkenberg <pb...@chromium.org> >>> wrote: >>> >>>> Hello blink-dev@ >>>> >>>> Are there any objections to start shipping this feature in M112? >>>> >>>> Sincerely, >>>> [image: Google Logo] >>>> Peter Birk Pakkenberg >>>> Software Engineer >>>> pb...@chromium.org >>>> >>>> >>>> On Wed, 15 Mar 2023 at 14:24, Peter Birk Pakkenberg <pb...@chromium.org> >>>> wrote: >>>> >>>>> Hi Mike, >>>>> >>>>> We plan to keep the setRequestedWithHeaderOriginAllowList API for the >>>>> duration of the XRW origin trial, but have not made any decisions beyond >>>>> that at this point in either direction. >>>>> >>>>> Sincerely, >>>>> [image: Google Logo] >>>>> Peter Birk Pakkenberg >>>>> Software Engineer >>>>> pb...@chromium.org >>>>> >>>>> >>>>> On Mon, 13 Mar 2023 at 14:41, Mike Taylor <miketa...@chromium.org> >>>>> wrote: >>>>> >>>>>> On 3/13/23 9:11 AM, Peter Birk Pakkenberg wrote: >>>>>> >>>>>> Contact emails >>>>>> >>>>>> pb...@chromium.org >>>>>> >>>>>> Explainer >>>>>> >>>>>> Android Developer Blog post >>>>>> <https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html> >>>>>> >>>>>> Summary >>>>>> >>>>>> Removes the default X-Requested-With header from HTTP requests made >>>>>> by WebView. >>>>>> >>>>>> The X-Requested-With header is set by WebView, with the package name >>>>>> of the embedding apk as the value. >>>>>> >>>>>> This use of the header will be discontinued. >>>>>> >>>>>> Developers who rely on this header can sign up for a deprecation >>>>>> origin trial >>>>>> <https://developer.chrome.com/origintrials/#/view_trial/1390486384950640641> >>>>>> to continue to receive the header during the deprecation period. >>>>>> >>>>>> The deprecation origin trial will be extended until replacement APIs >>>>>> are available to address use cases of the header, as explained in this >>>>>> Android >>>>>> Developer Blog post >>>>>> <https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html> >>>>>> . >>>>>> >>>>>> The roll-out of this removal will be slower than usual. See >>>>>> “Estimated milestones” below. >>>>>> >>>>>> Blink component >>>>>> >>>>>> Mobile>WebView >>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Mobile%3EWebView> >>>>>> >>>>>> Search tags >>>>>> >>>>>> Headers <https://chromestatus.com/features#tags:Headers> >>>>>> >>>>>> TAG review >>>>>> >>>>>> TAG review status >>>>>> >>>>>> Not applicable >>>>>> >>>>>> Risks >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> Gecko: N/A >>>>>> >>>>>> WebKit: N/A >>>>>> >>>>>> Web developers: No signals >>>>>> >>>>>> Other signals: >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> >>>>>> This feature removes a header sent by default by WebView. It should >>>>>> have no direct impact on applications using WebViews, but sites loaded in >>>>>> the WebView will no longer receive the X-Requested-With header unless the >>>>>> app explicitly allowlist the site >>>>>> <https://developer.android.com/reference/androidx/webkit/WebSettingsCompat#setRequestedWithHeaderOriginAllowList(android.webkit.WebSettings,java.util.Set%3Cjava.lang.String%3E)> >>>>>> to receive the header or the site participates in the deprecation trial. >>>>>> >>>>>> Do you expect to deprecate setRequestedWithHeaderOriginAllowList at >>>>>> some future point? >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>>> >>>>>> No >>>>>> >>>>>> WebView-only feature being deprecated >>>>>> >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ? >>>>>> >>>>>> No - WebView is not covered by Web Platform Tests. >>>>>> >>>>>> Flag name >>>>>> >>>>>> WebViewXRequestedWithHeaderControl >>>>>> >>>>>> Requires code in //chrome? >>>>>> >>>>>> False >>>>>> >>>>>> Tracking bug >>>>>> >>>>>> https://crbug.com/960720 >>>>>> >>>>>> Estimated milestones >>>>>> >>>>>> - >>>>>> >>>>>> Roll-out in M111 beta (up to 50%) >>>>>> - >>>>>> >>>>>> Roll-out in M112 stable (up to 1%) >>>>>> - >>>>>> >>>>>> Roll-out to M113 stable (up to 5%) >>>>>> >>>>>> Further roll-out to be assessed based on developer input and >>>>>> feedback, considering that people might need time to adopt the OT. >>>>>> >>>>>> While we have announced the change through public developer >>>>>> communications and direct outreach to several partners, receiving mostly >>>>>> positive or neutral feedback, we expect that negative impacts, if any, >>>>>> will >>>>>> be more visible at 1% and 5% of stable traffic. We may want to allow >>>>>> more >>>>>> time to adopt the deprecation trial before continuing to ramp up. >>>>>> >>>>>> This looks like a reasonable, conservative rollout plan, thanks. >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> >>>>>> https://chromestatus.com/feature/5160086884843520 >>>>>> >>>>>> Links to previous Intent discussions >>>>>> >>>>>> Intent to Deprecate: >>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/k9HL9muJPxs >>>>>> >>>>>> >>>>>> This intent message was generated by Chrome Platform Status >>>>>> <https://chromestatus.com/>. >>>>>> >>>>>> >>>>>> Sincerely, >>>>>> [image: Google Logo] >>>>>> Peter Birk Pakkenberg >>>>>> Software Engineer >>>>>> pb...@chromium.org >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjtyf389m7ywT7042GXBzVCz4z6Pmn9UCNztMA23ewTZqw%40mail.gmail.com >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjtyf389m7ywT7042GXBzVCz4z6Pmn9UCNztMA23ewTZqw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63373d78-6db4-e974-2451-24fad35903da%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63373d78-6db4-e974-2451-24fad35903da%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjuUBd_9qULnJyumjR7ye_DRQcv_oULzPJpx8TQ_aLWOWA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACvTYjuUBd_9qULnJyumjR7ye_DRQcv_oULzPJpx8TQ_aLWOWA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw8hMvo-hch91yVSPXsHVN4z-O%3DJ6MQ-BomNQXLyCEHkFg%40mail.gmail.com.
