-
Notifications
You must be signed in to change notification settings - Fork 22.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client hints updates #4907
Client hints updates #4907
Conversation
fb9755c
to
306b354
Compare
--- | ||
<div>{{HTTPSidebar}}{{securecontext_header}}{{Deprecated_header}}{{Non-standard_header}}</div> | ||
<div>{{HTTPSidebar}}{{securecontext_header}}{{Deprecated_header}}</div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note, this is non-standard. Last time I had both that and a deprecated header Chris suggested the deprecated header along covers that you should not use it.
57bedf7
to
c54fa6f
Compare
@@ -26,7 +26,7 @@ | |||
<li><code>Date</code></li> | |||
<li><code>DNT</code></li> | |||
<li><code>Expect</code></li> | |||
<li><code>Feature-Policy</code></li> | |||
<li><code>Feature-Policy</code></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Elchi3 How does one find out if something is a forbidden header name? Specifically, I checked the Fetch spec, and it matches the list here except it does not mention Feature-Policy. So how would I find out that Feature Policy is forbidden (I searched on forbidden in the permission-policy spec too and the term does not appear).
The main reason I ask is that the client hints all have "?" in the table for forbidden, so would help me to understand how you confirm their status.
Further, w.r.t. this doc, should I also add Permission-Policy?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually it's Permissions-Policy
with an 's'.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought the list from the Fetch spec is exhaustive and new forbidden headers would start with Sec-
but maybe that is a misunderstanding from my side.
I previously only confirmed these by looking at the Fetch spec...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @Elchi3. The fetch spec being exhaustive seems a reasonable assumption. Just wasn't one I wanted to make. Happy to go with that now.
I wont add Permissions-Policy
because I now know that this will be done "all in one go" later on.
Hi @Elchi3 We already document these headers:
I think we are missing these (do you know of any reason not to include them)?:
Further there are a bunch of new User Agent Client Hints. These are defined in a "Draft Community Group Report, 4 May 2021" (i.e. not a standards track thingy yet). I haven't done a full check but at least some of these are implemented in chrome 90 (and not yet in firefox https://bugzilla.mozilla.org/show_bug.cgi?id=935216#c67). What is our position on documenting these? (i.e. "do we document these"?):
Are there any others you know of? Last of all, can you please review and merge this if it is OK? I'd like to do follow on fixes with bumping against other work people are doing :-) |
Seems that @Elchi3 is a better choice of official reviewer for this one. |
@Elchi3 (or @chrisdavidmills ) do you think you might have time to look at this today? Then I can continue the work tomorrow :-) |
Sorry Hamish, I will try to get to it but probably not this week. |
@Elchi3 Thank you - just wanted to make sure this was on your radar. Plenty to go on with :-) FWIW An answer to the question above in #4907 (comment) is more useful than an actual review of the PR, as it would unblock me. |
These look good to me, although I'm not sure there is a (somewhat stable) specification for
Not sure who "ours" is in "our position". Mozilla thinks is it "non-harmful" in https://mozilla.github.io/standards-positions/
There seem to be quite a few Client hints specs but it looks like you got the main ones here. Of course things are always in flux... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! Some nits but LGTM otherwise
- Deprecated | ||
- Non-standard | ||
- Exerimental |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deprecated, non-standard, experimental? What is going on here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Elchi3 This is a reflection of the BCD.
Previously experimental was omitted - so all I did was add the tag as well (this updates the sidebar with the icon).
@@ -81,12 +81,12 @@ <h2 id="Client_hints">Client hints</h2> | |||
<dl> | |||
<dt>{{HTTPHeader("Accept-CH")}} {{experimental_inline}}</dt> | |||
<dd>Servers can advertise support for Client Hints using the <code>Accept-CH</code> header field or an equivalent HTML <code><meta></code> element with <code>http-equiv</code> attribute (<a href="https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv"><cite>[HTML]</cite></a>).</dd> | |||
<dt>{{HTTPHeader("Accept-CH-Lifetime")}} {{experimental_inline}}</dt> | |||
<dt>{{HTTPHeader("Accept-CH-Lifetime")}} {{experimental_inline}} {{deprecated_inline}}</dt> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No longer experimental?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Elchi3 Still experimental but also deprecated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For all of these I matched the docs to BCD. Note that arguably for page headers you only need one of these - the deprecated. But since I can't find a clear policy on that I haven't removed the other headers. I have been trying to discuss/get agreement on that in the context of auto-generation of headers from BCD.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for matching BCD, let's go with this then.
Co-authored-by: Florian Scholz <fs@florianscholz.com>
Co-authored-by: Florian Scholz <fs@florianscholz.com>
@Elchi3 I think I've either merged or answered your nits, and also fixed the conflicts. Thanks very much for the info on which headers to document. That will come as follow on. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Hamish! 🎉
Partially fixes #1408
This does lots of other tidy up around the area and fixes part of the problem. But will do new additions as a post process.