Maybe I need a better naming. The original PNA permission prompt requires developers to manually add a new fetch option "targetAddressSpace". So for the non-fetch requests, e.g. iframes, image elements, etc., we attempt to let websites to claim the targetAddressSpace in an earlier stage, which is as a new content security policy.
On Monday, March 4, 2024 at 5:37:18 AM UTC+1 dom...@chromium.org wrote: > It's not clear what this intent or explainer means by "non-fetch > requests". https://github.com/WICG/private-network-access/issues/129 > > On Fri, Mar 1, 2024 at 12:52 AM 'Yifan Luo' via blink-dev < > blin...@chromium.org> wrote: > >> Contact emailsl...@chromium.org >> >> Explainer >> https://github.com/WICG/private-network-access/blob/main/permission_prompt/explariner_non-fetch_requests.md >> >> Specificationhttps://wicg.github.io/private-network-access >> >> Summary >> >> A new Content Security Policy `private-address-space` and >> `local-address-space` to let all documents declare their IP address space >> ahead of time. >> >> >> Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> >> >> Motivation >> >> To enhance private network security, we need a solution that extends >> beyond the current fetch-focused Private Network Access permission. >> >> >> Initial public proposal >> https://docs.google.com/document/d/1YjcxNnrnp0BZb1suZI7mXbyjK1wM2M36aPkkbNRN3JY/edit?resourcekey=0-7DoGGwNK5d8n75paVuSFHg >> >> TAG reviewNone >> >> TAG review statusPending >> >> Risks >> >> >> Interoperability and Compatibility >> >> None >> >> >> *Gecko*: Positive ( >> https://github.com/mozilla/standards-positions/issues/143) >> >> *WebKit*: Positive ( >> https://github.com/WebKit/standards-positions/issues/163) >> >> *Web developers*: Positive >> >> *Other signals*: >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> None >> >> >> Debuggability >> >> None >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ?No >> >> Flag name on chrome://flagsNone >> >> Finch feature nameNone >> >> Non-finch justificationNone >> >> Requires code in //chrome?False >> >> Tracking bughttps://g-issues.chromium.org/issues/327602976 >> >> Estimated milestones >> >> No milestones specified >> >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/5112291503898624 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> >> -- >> Yifan >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_JsZW4MwABUgzpARnwFfmjXmYcGswNibWCWALejeRpyA%40mail.gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_JsZW4MwABUgzpARnwFfmjXmYcGswNibWCWALejeRpyA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/48a1588a-e792-4524-97e8-9f98e598d754n%40chromium.org.