Client hints updates #4907
Client hints updates #4907
Conversation
hamishwillee
force-pushed
the
http_accept-ch
branch
from
fb9755c
to
306b354
Compare
| --- | ||
| <div>{{HTTPSidebar}}{{securecontext_header}}{{Deprecated_header}}{{Non-standard_header}}</div> | ||
| <div>{{HTTPSidebar}}{{securecontext_header}}{{Deprecated_header}}</div> |
There was a problem hiding this comment.
Note, this is non-standard. Last time I had both that and a deprecated header Chris suggested the deprecated header along covers that you should not use it.
hamishwillee
force-pushed
the
http_accept-ch
branch
from
57bedf7
to
c54fa6f
Compare
| @@ -26,7 +26,7 @@ | |||
| <li><code>Date</code></li> | |||
| <li><code>DNT</code></li> | |||
| <li><code>Expect</code></li> | |||
| <li><code>Feature-Policy</code></li> | |||
| <li><code>Feature-Policy</code></li> | |||
There was a problem hiding this comment.
@Elchi3 How does one find out if something is a forbidden header name? Specifically, I checked the Fetch spec, and it matches the list here except it does not mention Feature-Policy. So how would I find out that Feature Policy is forbidden (I searched on forbidden in the permission-policy spec too and the term does not appear).
The main reason I ask is that the client hints all have "?" in the table for forbidden, so would help me to understand how you confirm their status.
Further, w.r.t. this doc, should I also add Permission-Policy?
There was a problem hiding this comment.
Actually it's Permissions-Policy with an 's'.
There was a problem hiding this comment.
I thought the list from the Fetch spec is exhaustive and new forbidden headers would start with Sec- but maybe that is a misunderstanding from my side.
I previously only confirmed these by looking at the Fetch spec...
There was a problem hiding this comment.
Thanks @Elchi3. The fetch spec being exhaustive seems a reasonable assumption. Just wasn't one I wanted to make. Happy to go with that now.
I wont add Permissions-Policy because I now know that this will be done "all in one go" later on.
|
Hi @Elchi3 We already document these headers:
I think we are missing these (do you know of any reason not to include them)?:
Further there are a bunch of new User Agent Client Hints. These are defined in a "Draft Community Group Report, 4 May 2021" (i.e. not a standards track thingy yet). I haven't done a full check but at least some of these are implemented in chrome 90 (and not yet in firefox https://bugzilla.mozilla.org/show_bug.cgi?id=935216#c67). What is our position on documenting these? (i.e. "do we document these"?):
Are there any others you know of? Last of all, can you please review and merge this if it is OK? I'd like to do follow on fixes with bumping against other work people are doing :-) |
hamishwillee
requested review from
chrisdavidmills
and removed request for
a team
chrisdavidmills
requested review from
Elchi3
and removed request for
chrisdavidmills
|
Seems that @Elchi3 is a better choice of official reviewer for this one. |
|
@Elchi3 (or @chrisdavidmills ) do you think you might have time to look at this today? Then I can continue the work tomorrow :-) |
|
Sorry Hamish, I will try to get to it but probably not this week. |
|
@Elchi3 Thank you - just wanted to make sure this was on your radar. Plenty to go on with :-) FWIW An answer to the question above in #4907 (comment) is more useful than an actual review of the PR, as it would unblock me. |
These look good to me, although I'm not sure there is a (somewhat stable) specification for
Not sure who "ours" is in "our position". Mozilla thinks is it "non-harmful" in https://mozilla.github.io/standards-positions/
There seem to be quite a few Client hints specs but it looks like you got the main ones here. Of course things are always in flux... |
| - Deprecated | ||
| - Non-standard | ||
| - Exerimental |
There was a problem hiding this comment.
Deprecated, non-standard, experimental? What is going on here?
There was a problem hiding this comment.
@Elchi3 This is a reflection of the BCD.
Previously experimental was omitted - so all I did was add the tag as well (this updates the sidebar with the icon).
| @@ -81,12 +81,12 @@ <h2 id="Client_hints">Client hints</h2> | |||
| <dl> | |||
| <dt>{{HTTPHeader("Accept-CH")}} {{experimental_inline}}</dt> | |||
| <dd>Servers can advertise support for Client Hints using the <code>Accept-CH</code> header field or an equivalent HTML <code><meta></code> element with <code>http-equiv</code> attribute (<a href="https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv"><cite>[HTML]</cite></a>).</dd> | |||
| <dt>{{HTTPHeader("Accept-CH-Lifetime")}} {{experimental_inline}}</dt> | |||
| <dt>{{HTTPHeader("Accept-CH-Lifetime")}} {{experimental_inline}} {{deprecated_inline}}</dt> | |||
There was a problem hiding this comment.
@Elchi3 Still experimental but also deprecated.
There was a problem hiding this comment.
For all of these I matched the docs to BCD. Note that arguably for page headers you only need one of these - the deprecated. But since I can't find a clear policy on that I haven't removed the other headers. I have been trying to discuss/get agreement on that in the context of auto-generation of headers from BCD.
There was a problem hiding this comment.
Thanks for matching BCD, let's go with this then.
Co-authored-by: Florian Scholz <fs@florianscholz.com>
Co-authored-by: Florian Scholz <fs@florianscholz.com>
|
@Elchi3 I think I've either merged or answered your nits, and also fixed the conflicts. Thanks very much for the info on which headers to document. That will come as follow on. |
Partially fixes #1408
This does lots of other tidy up around the area and fixes part of the problem. But will do new additions as a post process.