Re: [blink-dev] Intent to Ship: CORS non-wildcard request-header

Thank you so much, Javier! :) That's some great analysis! On Wed, Mar 29, 2023 at 7:51 AM Javier Garcia Visiedo wrote: > Hi all, > > Please find the summary of my findings, after analyzing the UKM data. > > Currently, the UKM data shows 2,087 distinct domains (eTLD+1) sending a > wildcard for AC

Re: [blink-dev] Intent to Ship: CORS non-wildcard request-header

Thank you for your quick reply Yoav, Please find my answers inline. On Wednesday, March 29, 2023 at 4:35:32 PM UTC+9 Yoav Weiss wrote: Thank you so much, Javier! :) That's some great analysis! On Wed, Mar 29, 2023 at 7:51 AM Javier Garcia Visiedo wrote: Hi all, Please find the summary of m

Re: [blink-dev] Intent to Ship: CORS non-wildcard request-header

On Wed, Mar 29, 2023 at 10:32 AM Javier Garcia Visiedo wrote: > Thank you for your quick reply Yoav, > > Please find my answers inline. > > > On Wednesday, March 29, 2023 at 4:35:32 PM UTC+9 Yoav Weiss wrote: > > Thank you so much, Javier! :) That's some great analysis! > > On Wed, Mar 29, 2023 a

Re: [blink-dev] Intent to Ship: requestStorageAccessFor (for First-Party Sets)

LGTM1 I appreciate the reliance on this API on FPS as an internal concept (equivalent to the reliance of other browsers on entities.json) to significantly reduce its user friction as well as the risk that other vendors are concerned with (e.g. reputation concerns). I think we've made significant

Re: [blink-dev] Intent to Ship: Storage Access API (within First-Party Sets)

LGTM1 On Mon, Mar 20, 2023 at 10:34 PM 'Johann Hofmann' via blink-dev < blink-dev@chromium.org> wrote: > Contact emails > > bra...@microsoft.com, johann...@chromium.org, cfred...@chromium.org > > Explainer > > https://github.com/privacycg/storage-access > > Specification > > https://privacycg.git

Re: [blink-dev] Intent to Ship: First-party sets

Thanks for filing this intent. I agree with your analysis that it's not directly web-exposed, and as such, I don't think LGTMs are required (but still appreciate the intent as required context for rSA and rSAF). We'll see if other API owners disagree. On Mon, Mar 20, 2023 at 10:31 PM Johann Hofman

Re: [blink-dev] Intent to Experiment: Background Blur API.

Hi Arthur, On Tuesday, March 28, 2023 at 11:13:45 AM UTC+3 ahe...@google.com wrote: Hi Bhaumik, There was one question left unanswered in the I2P thread from the security review, so I'm reposting it here: "This is my understanding, let me know if that's correct: Background blur is applied by re

Re: [blink-dev] Intent to Ship: requestStorageAccessFor (for First-Party Sets)

Thanks Yoav! One minor note to the group that we successfully renamed the repository and so the explainer and spec can now be found at https://github.com/privacycg/requestStorageAccessFor and https://privacycg.github.io/requestStorageAccessFor/, respectively. (apologies to those who hit a 404 on t

Re: [blink-dev] Intent to Ship: JSON.parse source text access

LGTM3 /Daniel On 2023-03-28 15:24, Mike Taylor wrote: LGTM2 On 3/28/23 9:12 AM, Yoav Weiss wrote: LGTM1 On Tue, Mar 28, 2023 at 2:27 AM Shu-yu Guo wrote: Contact emails s...@chromium.org Explainer https://github.com/tc39/proposal-json-parse-with-sourc

[blink-dev] Re: Intent to Implement & Ship: Web Bluetooth exclusionFilters option in requestDevice()

LGTM1, but please let the TAG know about this change w/ an FYI. On Tuesday, March 28, 2023 at 11:00:24 PM UTC-7 fbea...@google.com wrote: > Contact emails > > fbeauf...@google.com > > reil...@google.com > > Explainer > > https://github.com/WebBluetoothCG/web-bluetooth/issues/599#issue-1638254435

Re: [blink-dev] Intent to Ship: CSS :lang pseudo class level 4

Hi Roger, I took a look for the tests, and am wondering if the tests added here are for Level 4? https://github.com/web-platform-tests/wpt/pull/37950 At least some of them are already passing in Chrome Dev (with experimental features enabled), but not Chrome stable, so some of these tests seem re

Re: [blink-dev] Re: Intent to Ship: Private State Tokens API

So, you're sticking to the current version (which is an older version of privacypass) and will switch to the latest version once it stabilizes? What's the forward compat story for this as well as future changes to the privacypass protocol? On Mon, Mar 20, 2023 at 3:54 PM 'Steven Valdez' via blink-

Re: [blink-dev] Intent to Ship: CORS non-wildcard request-header

On Wed, Mar 29, 2023 at 11:01 AM Yoav Weiss wrote: > > > On Wed, Mar 29, 2023 at 10:32 AM Javier Garcia Visiedo < > visi...@chromium.org> wrote: > >> Thank you for your quick reply Yoav, >> >> Please find my answers inline. >> >> >> On Wednesday, March 29, 2023 at 4:35:32 PM UTC+9 Yoav Weiss wrot

[blink-dev] PSA: Risky changes should be guarded by a Runtime Enabled Feature

Hey blink-dev, Within Google we’ve had a lot of discussion over the past year about how we should make increasing use of flags and kill switches to reduce the risk of breaking changes, but I realized there has

Re: [blink-dev] PSA: Risky changes should be guarded by a Runtime Enabled Feature

Thanks for posting this Rick. One call-out that I think is worth mentioning is the distinction between enabled-by-default flags and disabled-by-default flags. The general guidelines for choosing between these is in the links you posted, but given that it can be sometimes a subjective call it might

Re: [blink-dev] Intent to Ship: Storage Access API (within First-Party Sets)

LGTM2 (shame we can't rename this the Cookie Access API... :)) On 3/29/23 5:40 AM, Yoav Weiss wrote: LGTM1 On Mon, Mar 20, 2023 at 10:34 PM 'Johann Hofmann' via blink-dev wrote: Contact emails bra...@microsoft.com, johann...@chromium.org, cfred...@chromium.org

[blink-dev] Intent to Ship: ArrayBuffer.prototype.transfer

Contact emails...@chromium.org Explainerhttps://github.com/tc39/proposal-arraybuffer-transfer Specificationhttps://tc39.es/proposal-arraybuffer-transfer Design docs N/A Summary Adds the ArrayBuffer.prototype.transfer method, which copies the receiver buffer, detaches the receiver, then returns

Re: [blink-dev] Re: Intent to Ship: Private State Tokens API

The primary features are generally the same, with some internal format/wire format changes. Only the clients implementing the API and the issuers will need to make code changes to update to the new version, websites calling the fetch/JS APIs will not need to make any changes. We also believe that t

[blink-dev] Re: [Call for feedback] Proposal to gradually skip unload events: already unreliable, top back/forward cache blocker, better alternatives available!

[+sm...@mozilla.com] I'm relaying a piece of feedback from Mozilla in this github issue . It's possible that pages are depending on `unload` handlers in subframes for functionality even without any main frame navi

Re: [blink-dev] Intent to Ship: CSS :lang pseudo class level 4

Hi Yoav, thanks for checking, I will answer inline On Friday, March 17, 2023 at 10:59:14 AM UTC+1 yoav...@chromium.org wrote: On Thu, Mar 16, 2023 at 11:09 AM Roger Zanoni wrote: Contact emails rza...@igalia.com Explainer https://github.com/rogerzanoni/docs/tree/main/lang-level-4 Specificati