Naming for new items in `mode`. #45
Should |
@jerryzz0 may have thoughts based on his implementation of the logic in our applications. At a high level, the thing that's important for security is distinguishing navigations from subresource loads, to prevent attacks on resources without breaking linking (with the idea that you can use COOP to prevent leaking information about non-renderable responses / subresources if they are navigated to directly in a top-level window). To future-proof against changes in For
So overall |
I like the idea of a prefix hierarchy as:
That being said, it's also not that big of a deal since whether this is future-proof on the application side depends on the specific server-side policy in place (e.g. navigation-blocking vs resource-blocking) i.e.
Since we anticipate resource-blocking to be a primary use case (over navigation-blocking), I would prefer to optimize for that case if we had to choose between My preference is that if we decide to change
|
It might make sense that for hierarchical values we use a different separator as the hyphen is already used for another purpose. E.g., cc @domenic |
Hrm. If we're going to be Would it be reasonable to drop |
That's fair and maybe that's an argument against that syntax. I worry that by using separate headers we make it easier to create faulty policies that forget about |
I also worry that folks will forget about things they ought to check (I wanted everything in one big header, as you'll recall... ;) ). But given that we just shipped this a minute ago, and the folks who are using it at scale a. haven't really started yet, and b. are pretty much all on this thread, I'm pretty confident that we can both change things up and document them in such a way that developers will understand what they need to do. Checking three headers isn't significantly more complicated than checking two (where the second really splits along two axes). I think that's still my preference. If y'all disagree, I can certainly be convinced that ever-more-complicated |
I guess I'd love to see what it would look like concretely. My worry is that with |
Strawproposal:
Indeed. This is confusing, and it may be better to explicitly label this as I'm less convinced that nested navigations (or portaled navigations?) are distinct in the same way. It seems like we might want to advertise the latter to give sites choices about what code to send (no reason to check for |
Okay, so the |
Right. Something like an enum of
|
@arturjanc, @jerryzz0, could y'all live with this bisection of |
If I understand correctly, the proposal is to:
I think this works. In particular:
In other words, in practice it'd function as a (similar but not identical) substitute to
Hmm that could be nice and might make things easier to understand on the application side; but then |
@jerryzz0 |
Mike's proposal above sounds mostly reasonable to me. My feedback is similar to what @jerryzz0 mentioned above; specifically:
One other possibility could be to reduce the number of values that are reported in For example, the only other existing
At a high level, we'd end up in a place where
|
|
For clarity, here's my current proposal:
Any objections to this approach? (@annevk, @arturjanc?) Top-level navigations would send:
This basically punts on Service Worker cooperation. They'll be able to take cached responses and reuse them in unexpected ways, and launder |
Sounds good to me, so if @annevk is on board I think we should do this. A couple of thoughts about this (mostly about adding explanatory text in the spec):
|
I like |
@annevk: I agree with you about the value of
|
As discussed in w3c/webappsec-fetch-metadata#45, splitting 'document' into a set of destination values that developers can use to determine whether the request is for a top-level document or a nested document will allow us to simplify Fetch Metadata checks performed server side.
As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch splits the existing `document` destination into three parts:

- `document` for top-level navigations and, for the moment, <portals>.
- `iframe` for <iframe> navigations.
- `frame` for <frame> navigations.

Subsequent patch will remove the `nested-document` mode when we're ready to ship `Sec-Fetch-Dest`.

Bug: 1011724
Change-Id: I23f23922fb49523aa050f59cbf13aabc086600bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1847295
Reviewed-by: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Commit-Queue: Yifan Luo <[email protected]>
Cr-Commit-Position: refs/heads/master@{#705527}
As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch shift the `nested-navigate` mode to two parts:

- `navigate` for frame and iframe.
- `no-cors` for object.

Change-Id: I09a2be6b41547f6eeb1e308416234a40f0c9b5b3
Yep, will do, hopefully sometime this month.
Ship it :) |
…ination., a=testonly

Automatic update from web-platform-tests
Fetch Metadata: split up `document` destination.

As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch splits the existing `document` destination into three parts:

- `document` for top-level navigations and, for the moment, <portals>.
- `iframe` for <iframe> navigations.
- `frame` for <frame> navigations.

Subsequent patch will remove the `nested-document` mode when we're ready to ship `Sec-Fetch-Dest`.

Bug: 1011724
Change-Id: I23f23922fb49523aa050f59cbf13aabc086600bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1847295
Reviewed-by: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Commit-Queue: Yifan Luo <[email protected]>
Cr-Commit-Position: refs/heads/master@{#705527}
--
wpt-commits: 9fffe2189f5c87287393486e1f1e260cf71dcddf
wpt-pr: 19704
As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch shift the `nested-navigate` mode to two parts:

- `navigate` for frame and iframe.
- `no-cors` for object.

Change-Id: I09a2be6b41547f6eeb1e308416234a40f0c9b5b3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1862690
Commit-Queue: Yifan Luo <[email protected]>
Reviewed-by: Mike West <[email protected]>
Cr-Commit-Position: refs/heads/master@{#709478}
…ination., a=testonly

Automatic update from web-platform-tests
Fetch Metadata: split up `document` destination.

As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch splits the existing `document` destination into three parts:

- `document` for top-level navigations and, for the moment, <portals>.
- `iframe` for <iframe> navigations.
- `frame` for <frame> navigations.

Subsequent patch will remove the `nested-document` mode when we're ready to ship `Sec-Fetch-Dest`.

Bug: 1011724
Change-Id: I23f23922fb49523aa050f59cbf13aabc086600bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1847295
Reviewed-by: Arthur Sonzogni <arthursonzognichromium.org>
Reviewed-by: Mike West <mkwstchromium.org>
Commit-Queue: Yifan Luo <lyfgoogle.com>
Cr-Commit-Position: refs/heads/master{#705527}
--
wpt-commits: 9fffe2189f5c87287393486e1f1e260cf71dcddf
wpt-pr: 19704

UltraBlame original commit: 6c40eb9450ccdf7f44b0e1244f4f14ccae2f1c47
…te` mode., a=testonly

Automatic update from web-platform-tests
Fetch Metadata: deprecate `nested-navigate` mode.

As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch shift the `nested-navigate` mode to two parts:

- `navigate` for frame and iframe.
- `no-cors` for object.

Change-Id: I09a2be6b41547f6eeb1e308416234a40f0c9b5b3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1862690
Commit-Queue: Yifan Luo <[email protected]>
Reviewed-by: Mike West <[email protected]>
Cr-Commit-Position: refs/heads/master@{#709478}
--
wpt-commits: 2eebdd2f37758cdd94c0c2bddc70763862ef283f
wpt-pr: 19703

Differential Revision: https://phabricator.services.mozilla.com/D53477
…te` mode., a=testonly

Automatic update from web-platform-tests
Fetch Metadata: deprecate `nested-navigate` mode.

As discussed in w3c/webappsec-fetch-metadata#45, We have decided to shift the model around nested navigations from exposure via the request's `mode` to its `destination`. This patch shift the `nested-navigate` mode to two parts:

- `navigate` for frame and iframe.
- `no-cors` for object.

Change-Id: I09a2be6b41547f6eeb1e308416234a40f0c9b5b3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1862690
Commit-Queue: Yifan Luo <lyfgoogle.com>
Reviewed-by: Mike West <mkwstchromium.org>
Cr-Commit-Position: refs/heads/master{#709478}
--
wpt-commits: 2eebdd2f37758cdd94c0c2bddc70763862ef283f
wpt-pr: 19703

Differential Revision: https://phabricator.services.mozilla.com/D53477

UltraBlame original commit: 882f13426698c48ef98024c93a1a230427535bd0
You'll need to set an expiry on invitations like this. @domenic recently referenced a trend for new headers to use the HTTP Structured Headers syntax. If that's applicable here, then rather than
|
I spoke too soon. We're actually extending the request's associated "destination" with the new values, so parameterizing "document" isn't appropriate, after all. |
As discussed in w3c/webappsec-fetch-metadata#45, this patch splits the `document` destination into `document`, `frame`, and `iframe`. These destinations distinguish top-level navigation from nested navigation, and exposing this data via `Sec-Fetch-Dest` will allow developers to better understand the nature of a request.

This patch also redefines "navigation request" and "non-subresource request" to include `embed` and `object` destinations as a consequence of the conversation in [1], which will also change the `mode` of those requests from `no-cors` to `navigate` [2].

These changes are covered by WPT in //fetch/metadata, specifically [3], [4], [5], and [6].

[1]: #948 (comment)
[2]: https://github.com/whatwg/html/pull/4976/files
[3]: https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/embed.tentative.https.sub.html
[4]: https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/object.tentative.https.sub.html
[5]: https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/iframe.tentative.https.sub.html
[6]: https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/navigation.tentative.https.sub.html
As discussed in w3c/webappsec-fetch-metadata#45, this splits the "document" destination into "document", "frame", and "iframe". These destinations distinguish top-level navigation from nested navigation, and exposing this data via `Sec-Fetch-Dest` will allow developers to better understand the nature of a request.

This patch also redefines "navigation request" and "non-subresource request" to include "embed" and "object" destinations as discussed at #948 (comment). That discussion also resulted in other changes:

* whatwg/html#4976
* w3c/ServiceWorker#1486

Tests:

* https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/embed.tentative.https.sub.html
* https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/object.tentative.https.sub.html
* https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/iframe.tentative.https.sub.html
* https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/navigation.tentative.https.sub.html
* https://github.com/web-platform-tests/wpt/blob/master/service-workers/service-worker/embed-and-object-are-not-intercepted.https.html
This can be closed. We settled on changing request's destination concept a bit. |
Indeed. Thanks! |
At TPAC, @clelland suggested that we could future-proof the `mode` mechanism by shifting from `nested-navigate` to `navigate-nested`, which would allow developers to read `navigate-` as a prefix. This dovetails with the suggestion in #37 that we might want to distinguish `<object>` in `mode`.

How would you feel about this in your implementation, @arturjanc / @lweichselbaum?
@annevk, FYI.
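
The outcome this thread settled on, as an added example that is not part of the original issue or any project's code: a server-side check that reads `Sec-Fetch-Mode: navigate` together with the split `Sec-Fetch-Dest` values (`document`, `iframe`, `frame`, `embed`, `object`) to tell top-level navigations from nested ones. The policy choices, paths and function names are assumptions made for illustration.

```javascript
// Added example (not from the thread or any project): server-side handling of
// the split Sec-Fetch-Dest values. Policy, paths and names are hypothetical.
const NESTED_DESTS = new Set(['iframe', 'frame']);
const PLUGIN_DESTS = new Set(['embed', 'object']);
const EMBEDDABLE_PATHS = new Set(['/widget']);           // hypothetical allowlist
const PUBLIC_RESOURCES = new Set(['/static/logo.png']);  // hypothetical allowlist

// Header names are case-insensitive; normalise names and values once.
function normalise(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim().toLowerCase();
  }
  return out;
}

// Map Sec-Fetch-Mode + Sec-Fetch-Dest onto the request kinds the thread
// distinguishes. Any mode other than `navigate` is treated as a subresource.
function classifyRequest(headers) {
  const h = normalise(headers);
  if (h['sec-fetch-mode'] !== 'navigate') return 'subresource';
  const dest = h['sec-fetch-dest'];
  if (dest === 'document') return 'top-level-navigation';
  if (NESTED_DESTS.has(dest)) return 'nested-navigation';
  if (PLUGIN_DESTS.has(dest)) return 'plugin-navigation';
  return 'unknown-navigation'; // missing or unrecognised destination
}

// Resource-blocking policy: cross-site requests may link to pages, may frame
// only allowlisted paths, and may load only allowlisted subresources.
function isAllowed(method, path, headers) {
  const site = normalise(headers)['sec-fetch-site'];
  // Assumption: clients that send no Fetch Metadata are let through so older
  // browsers keep working; other defences have to cover them.
  if (site === undefined) return true;
  // Assumption: same-site requests are trusted in this sketch.
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  const isGet = method.toUpperCase() === 'GET';
  switch (classifyRequest(headers)) {
    case 'top-level-navigation': return isGet;
    case 'nested-navigation': return isGet && EMBEDDABLE_PATHS.has(path);
    case 'subresource': return PUBLIC_RESOURCES.has(path);
    default: return false; // plugin or unknown navigation: fail closed
  }
}

// Constructed sample requests, all cross-site.
const crossSite = (mode, dest) => ({
  'Sec-Fetch-Site': 'cross-site', 'Sec-Fetch-Mode': mode, 'Sec-Fetch-Dest': dest,
});
const SAMPLES = [
  ['GET', '/account', crossSite('navigate', 'document')],
  ['GET', '/account', crossSite('navigate', 'iframe')],
  ['GET', '/widget', crossSite('navigate', 'frame')],
  ['GET', '/account', crossSite('navigate', 'object')],
  ['GET', '/api/data', crossSite('no-cors', 'image')],
  ['POST', '/account', crossSite('navigate', 'document')],
];

// Returns one "<kind>:<allowed>" string per sample, in order.
function evaluateSamples() {
  return SAMPLES.map(([m, p, h]) => `${classifyRequest(h)}:${isAllowed(m, p, h)}`);
}
```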