Re: [blink-dev] Re: Intent to Prototype: Responsive iframes

Collection of security review: - Does the feature include consideration of fenced frame? - Although the new exposed information seems to be minor and only exposed when both side opt-in, could you please note down the risk in spec later? If you want to low down the risk even more, you can consider

Re: [blink-dev] Intent to Prototype: PNA permission prompt for non-fetch requests

4 at 5:37:18 AM UTC+1 dom...@chromium.org wrote: > >> It's not clear what this intent or explainer means by "non-fetch >> requests". https://github.com/WICG/private-network-access/issues/129 >> >> On Fri, Mar 1, 2024 at 12:52 AM 'Yifan Luo' via bli

Re: [blink-dev] Intent to Prototype: PNA permission prompt for non-fetch requests

i, Mar 1, 2024 at 12:52 AM 'Yifan Luo' via blink-dev < > blin...@chromium.org> wrote: > >> Contact emailsl...@chromium.org >> >> Explainer >> https://github.com/WICG/private-network-access/blob/main/permission_prompt/explariner_non-fetch_requests.md >>

Re: [blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

wrote: > Can you clarify which milestones are you requesting to run this extended > deprecation trial on? > > On Wed, Feb 28, 2024 at 11:01 AM 'Yifan Luo' via blink-dev < > blin...@chromium.org> wrote: > >> Contact emailsl...@chromium.org, tit...@chromium.org, c

[blink-dev] Intent to Prototype: PNA permission prompt for non-fetch requests

Contact emails...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/main/permission_prompt/explariner_non-fetch_requests.md Specificationhttps://wicg.github.io/private-network-access Summary A new Content Security Policy `private-address-space` and `local-address-space`

[blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Contact emails...@chromium.org, tito...@chromium.org, cl...@chromium.org, mk...@chromium.org, v...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/master/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/documen

Re: [blink-dev] Intent to Ship: Private Network Access permission to relax mixed content

n-backward-compatible way). > None > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5954091755241472 > > Links to previous Intent discussionsIntent to prototype: > https://groups.google.com/a/chromium.org/g/blink-dev/c/6MczoSFGiHo/m/IigYuhu7AwAJ >

Re: [blink-dev] Intent to Ship: Private Network Access permission to relax mixed content

.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_ZS1ibT9H7e5UmoUF2OfCUq5ocsDHaCoJ2rShmPmAejQ%40mail.gmail.com This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. On Friday, January 26, 2024 at 6:34:49 PM UTC+1 Vladimir Levin wrote: > On Fri, Jan 26, 2024 at 5:07 AM

[blink-dev] Intent to Ship: Private Network Access permission to relax mixed content

Contact emails...@chromium.org, cl...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/main/permission_prompt/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y

[blink-dev] Intent to Prototype: Deprecate 0.0.0.0 for Private Network Access

Contact emails...@chromium.org ExplainerNone Specificationhttps://wicg.github.io/private-network-access Summary We propose to block access to IP address 0.0.0.0. Chrome is deprecating direct access to private network endpoints from public websites as part of the Private Network Access (PNA) spe

[blink-dev] Re: Request for Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Dear API owners, Kindly ping on this since https://groups.google.com/a/chromium.org/g/blink-dev/c/sL15TKGmXqM/m/rD0SF8sQBwAJ has been approved. best, Yifan On Friday, October 20, 2023 at 6:16:58 PM UTC+2 Yifan Luo wrote: > Contact emailscl...@chromium.org, mk...@chromium.org, va...@chromium

Re: [blink-dev] Intent to Experiment: Private Network Access permission to relax mixed content

Hello Mike, Sure and done. Yifan On Tuesday, October 24, 2023 at 1:36:32 AM UTC+2 blink-dev wrote: > Hi Yifan, > > Could you please request Privacy, Security, and Debuggability reviews in > the chromestatus entry? > > thanks, > Mike > On 10/20/23 9:49 AM, 'Y

[blink-dev] Request for Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Contact emailscl...@chromium.org, mk...@chromium.org, v...@chromium.org, l...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/master/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/document/d/1x1a1fQLOrcWogK3t

[blink-dev] Intent to Experiment: Private Network Access permission to relax mixed content

Contact emails...@chromium.org, cl...@chromium.org Explainer https://github.com/iVanlIsh/private-network-access/blob/main/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edit Summ

[blink-dev] Re: Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Hey all, I would like to clarify that the current deprecation trial ends on M116 so that I would like to extend it to M119. best, Yifan On Thursday, June 22, 2023 at 3:38:15 PM UTC+2 Yifan Luo wrote: > Contact emailstit...@chromium.org, cl...@chromium.org, mk...@chromium.org > , va...@chromium

[blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Contact emailstito...@chromium.org, cl...@chromium.org, mk...@chromium.org, v...@chromium.org, l...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/master/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/docume

[blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Contact emails tito...@chromium.org, cl...@chromium.org, mk...@chromium.org, v...@chromium.org, l...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/master/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/docum

Re: [blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

;intent to >>> extend experiment" you linked to indicates experimentation until M106. Is >>> that correct? >>> >>> On Tue, Dec 6, 2022 at 3:35 PM 'Yifan Luo' via blink-dev < >>> blin...@chromium.org> wrote: >>> >&

[blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Contact emailstito...@chromium.org, cl...@chromium.org, mk...@chromium.org, v...@chromium.org, l...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/master/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/docume

[blink-dev] Intent to Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.

Contact emailstito...@chromium.org, cl...@chromium.org, mk...@chromium.org, v...@chromium.org, l...@chromium.org Explainer https://github.com/WICG/private-network-access/blob/master/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/docume

Re: [blink-dev] Intent to Ship: Use Non-Transitional IDNA Processing in URLs

On Wednesday, November 30, 2022 at 6:37:57 AM UTC+1 yoav...@chromium.org wrote: > Thanks for working on alignment here!! > > On Tue, Nov 29, 2022 at 7:30 AM 'Harald Alvestrand' via blink-dev < > blin...@chromium.org> wrote: > >> This IDNA 2008 author applauds your decision. >> >> >> On Mon, Nov

[blink-dev] Re: Intent to Prototype: WebAuthn devicePubKey extension support

Hey! I'm taking a look at this feature as a security reviewer and I'm a bit lack of the background information of it. Would you mind adding some explainer/design doc for it? It would be great if you could also fill in a security-privacy-questionnaire

[blink-dev] Intent to Prototype: Private Network Access permission to relax mixed content

Contact emails...@chromium.org, cl...@chromium.org, tito...@chromium.org Explainer https://github.com/iVanlIsh/private-network-access/blob/main/explainer.md Specificationhttps://wicg.github.io/private-network-access Design docs https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCq

[blink-dev] Intent to Ship: COEP for shared worker

Contact emails l...@chromium.org, arthursonzo...@chromium.org Explainer https://docs.google.com/document/d/1mpIKhBhsx4deZXu3C2bnie5LSbzumjD1m6uhJx-hPQA/edit?usp=sharing Specificationhttps://wicg.github.io/cross-origin-embedder-policy/ Summary Enforce Cross-Origin-Embedder-Policy in SharedWorker