Re: [blink-dev] Intent to Prototype: PNA permission prompt for non-fetch requests

['Yifan Luo' via blink-dev]

Maybe I need a better naming. The original PNA permission prompt requires 
developers to manually add a new fetch option "targetAddressSpace". So for 
the non-fetch requests, e.g. iframes, image elements, etc., we attempt to 
let websites to claim the targetAddressSpace in an earlier stage, which is 
as a new content security policy.

On Monday, March 4, 2024 at 5:37:18 AM UTC+1 dom...@chromium.org wrote:

> It's not clear what this intent or explainer means by "non-fetch 
> requests". https://github.com/WICG/private-network-access/issues/129
>
> On Fri, Mar 1, 2024 at 12:52 AM 'Yifan Luo' via blink-dev <
> blin...@chromium.org> wrote:
>
>> Contact emailsl...@chromium.org
>>
>> Explainer
>> https://github.com/WICG/private-network-access/blob/main/permission_prompt/explariner_non-fetch_requests.md
>>
>> Specificationhttps://wicg.github.io/private-network-access
>>
>> Summary
>>
>> A new Content Security Policy `private-address-space` and 
>> `local-address-space` to let all documents declare their IP address space 
>> ahead of time.
>>
>>
>> Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess 
>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess>
>>
>> Motivation
>>
>> To enhance private network security, we need a solution that extends 
>> beyond the current fetch-focused Private Network Access permission.
>>
>>
>> Initial public proposal
>> https://docs.google.com/document/d/1YjcxNnrnp0BZb1suZI7mXbyjK1wM2M36aPkkbNRN3JY/edit?resourcekey=0-7DoGGwNK5d8n75paVuSFHg
>>
>> TAG reviewNone
>>
>> TAG review statusPending
>>
>> Risks
>>
>>
>> Interoperability and Compatibility
>>
>> None
>>
>>
>> *Gecko*: Positive (
>> https://github.com/mozilla/standards-positions/issues/143)
>>
>> *WebKit*: Positive (
>> https://github.com/WebKit/standards-positions/issues/163)
>>
>> *Web developers*: Positive
>>
>> *Other signals*:
>>
>> WebView application risks
>>
>> Does this intent deprecate or change behavior of existing APIs, such that 
>> it has potentially high risk for Android WebView-based applications?
>>
>> None
>>
>>
>> Debuggability
>>
>> None
>>
>>
>> Is this feature fully tested by web-platform-tests 
>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>> ?No
>>
>> Flag name on chrome://flagsNone
>>
>> Finch feature nameNone
>>
>> Non-finch justificationNone
>>
>> Requires code in //chrome?False
>>
>> Tracking bughttps://g-issues.chromium.org/issues/327602976
>>
>> Estimated milestones
>>
>> No milestones specified
>>
>>
>> Link to entry on the Chrome Platform Status
>> https://chromestatus.com/feature/5112291503898624
>>
>> This intent message was generated by Chrome Platform Status 
>> <https://chromestatus.com/>.
>>
>> -- 
>> Yifan
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to blink-dev+...@chromium.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_JsZW4MwABUgzpARnwFfmjXmYcGswNibWCWALejeRpyA%40mail.gmail.com
>>  
>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_JsZW4MwABUgzpARnwFfmjXmYcGswNibWCWALejeRpyA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/48a1588a-e792-4524-97e8-9f98e598d754n%40chromium.org.