Contact emailsjbro...@chromium.org Explainerhttps://github.com/WICG/nav-speculation/issues/302 https://mnot.github.io/I-D/draft-nottingham-http-availability-hints.html#name-cookie
SpecificationNone Summary See https://github.com/WICG/nav-speculation/issues/302 The prefetch cache should allow responses to be cached but discarded if particular cookies change (e.g., login cookie, preferred language/theme). Blink componentInternals>Preload <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EPreload> Motivation Even though prefetches have a short lifetime, it is possible for a prefetched response to be "stale" by the time it is used due to a change in the user state (e.g., logging out). This could be surprising as the user expects to observe this change, or in the worst case, a security issue if they have logged out on a public device and the next user is able to access a prefetched page (though this is not the only way this can happen). Developers can work around this by not using prefetch or prerender, but we'd like for them to not have to make that tradeoff. However, Vary: Cookie is infamous for being too big a hammer, since many origins set a variety of cookies which shouldn't invalidate huge swathes of the cache. Instead, browsers should respect response header fields which allow more specific cache invalidation, most likely by cookie name. Initial public proposalhttps://github.com/WICG/nav-speculation/issues/302 TAG reviewNone TAG review statusPending Risks Interoperability and Compatibility None *Gecko*: No signal *WebKit*: No signal *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability None Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?No Flag name on chrome://flagsNone Finch feature nameNone Non-finch justificationNone Requires code in //chrome?False Tracking bughttps://issues.chromium.org/issues/328628231 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6313679412002816 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACuR13c3b-Mhs6CZn2vxfp37qP4xk_a8p1MT8SE%3Dw06gLtm%3DoA%40mail.gmail.com.