Intent to Deprecate and Remove: [un]registerProtocolHandler() APIs in non-secure contexts

85 visningar
Hoppa till det första olästa meddelandet

Eric Lawrence

oläst,
20 nov. 2019 11:41:192019-11-20
till blink-dev
Intent to Deprecate and Remove: [un]registerProtocolHandler() APIs in non-secure contexts

Note: This is the same as https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/intent|sort:date/blink-dev/0bfCDijaUzs/8-6en3oNBgAJ, but using the template in a new thread as requested. The original thread has 3 API Owner LGTMs.

Primary eng (and PM) emails

elaw...@chromium.org


Summary
HTML's registerProtocolHandler() gives a webpage a mechanism to register itself to handle a protocol after a user consents. For example, a web-based email application could register to handle the mailto: scheme. A corresponding unregisterProtocolHandler() API allows a site to abandon its protocol-handling registration.


A Chromium CL implementing this change is in review: 
 

Motivation
These two APIs expose a powerful capability (reconfigure client state, subsequently transmit potentially-sensitive data over the network) thus they should only be exposed in secure contexts. The same-origin restriction for the handler's URL target means that limiting protocol registration to secure contexts will also limit handlers to secure contexts.

A pull request to update the HTML specification https://github.com/whatwg/html/pull/5080 has been approved.

Interoperability and Compatibility Risk

Edge: Edge Spartan didn't have this API. Edge Anaheim is landing this change in Chromium.

Firefox: Supported, Firefox 62 removed this API from non-secure contexts: 

  https://www.fxsitecompat.dev/en-CA/docs/2018/support-for-registerprotocolhandler-on-insecure-sites-has-been-deprecated/

Safari: Protocol handling APIs are not supported. I'll try to find someone to comment here, but WebKit's bugs to implement the API are >7 years old, so it's unclear who might have as strong POV.


Alternative implementation suggestion for web developers

Use a secure context to call the API (e.g. turn on HTTPS).


Usage information from UseCounter

Metrics indicate that RegisterProtocolHandlerInsecureOrigin usage is very low (0.000559% of page loads).


Entry on the feature dashboard

https://chromestatus.com/feature/5756636801007616


Requesting approval to remove too?

“Yes”, in M80.

Chris Harrelson

oläst,
21 nov. 2019 15:31:572019-11-21
till Eric Lawrence, blink-dev
Just for the record, the previous 3 LGTMs still stand.

Good luck shipping this removal!

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bf53f776-a57e-46f2-97f5-ad5aa1244c1e%40chromium.org.
Svara alla
Svara författaren
Vidarebefordra
0 nya meddelanden