Contact emails
tba...@chromium.org, igri...@chromium.org, be...@chromium.org
Spec
https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-05#section-2.2.2
Discussion threads:
https://github.com/httpwg/http-extensions/issues/306 (feature)
https://github.com/httpwg/http-extensions/issues/372 (privacy)
Blink-dev i2i thread:
https://groups.google.com/a/chromium.org/d/topic/blink-dev/QHI3sio6--Q/discussion
Summary and Motivation:
Client Hints enables user agent to provide device-specific preferences in the HTTP request headers, which can be used for proactive content negotiation. As currently implemented, hints are only available for subresource requests of a response that provides the explicit opt-in signal, either via Accept-CH response header or equivalent HTML markup. The opt-in preference is not persisted across navigations, and hints are thus not available on the initial (navigation) request.
Based on developer feedback, inability to receive hints on navigation requests has proven to be a major hurdle for adoption: many critical negotiation decisions need to be made on the initial request. To address this, the client hints spec was recently updated to allow origins to persist their opt-in policy for a specified period of time via the Accept-CH-Lifetime HTTP response header. One limitation of this approach is that the hints are not available on the “very first” navigation request to the origin, before the opt-in is discovered and persisted; hints are available on repeat navigation requests. However, given past concerns with respect to header bloat (if we were to enable all hints by default on all requests to all origins), we believe this is a good and workable tradeoff.
During development and privacy review of Accept-CH-Lifetime, we also converged on:
Client Hints delivery is restricted to Secure Contexts
Opt-in is origin-scoped and by default extends to 1P resources only.
1P will have to explicitly delegate permission for 3P origins to opt-in (via Feature Policy)
Delivery is conditional on 1P origin having permission to store cookies and run JavaScript.
Above updates are “breaking” with respect to previous implementation: hints are no longer available over HTTP and 3P parties will not receive hints by default. However, CH usage is currently low (<= 0.03% of page loads) and we believe that the potential breakage is (a) low, and (b) outweighted by long-term security and privacy benefits of the new model.
Finally, this i2s does not address (2a): this will be solved via integration with Feature Policy and will ship separately later in the year.
Interoperability and Compatibility Risk:
Compat risk: low. Positive signals from web developers for Accept-CH-Lifetime.
Interop risk: small. Only Blink-based browsers support CH today.
Ongoing technical constraints:
None.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
Requesting Approval to Ship?
Yes.
Link to TAG discussion
https://github.com/w3ctag/design-reviews/issues/206
Privacy & Security
The headers are sent by the user agent only on secure HTTPS connections. Further, the client hints are attached to the request headers only if the origin has permissions to store cookies and run JavaScript. To prevent third party origins from accessing information that might be unavailable to them otherwise, the client hints are attached only to the requests to the first party origins.
Related discussions:
https://github.com/httpwg/http-extensions/issues/372 (privacy)
https://github.com/WICG/feature-policy/issues/129 (feature policy integration)
Is this feature fully tested by web-platform-tests?
Feature is well tested within Chromium, but web platform tests are missing.
Chromium issue to add web platform tests.
OWP launch tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=735518
Link to entry on the feature dashboard
https://www.chromestatus.com/features/5713139295322112
Contact emails
tba...@chromium.org, igri...@chromium.org, be...@chromium.org
Spec
https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-05#section-2.2.2
Discussion threads:
https://github.com/httpwg/http-extensions/issues/306 (feature)
https://github.com/httpwg/http-extensions/issues/372 (privacy)
Blink-dev i2i thread:
https://groups.google.com/a/chromium.org/d/topic/blink-dev/QHI3sio6--Q/discussion
Summary and Motivation:
Client Hints enables user agent to provide device-specific preferences in the HTTP request headers, which can be used for proactive content negotiation. As currently implemented, hints are only available for subresource requests of a response that provides the explicit opt-in signal, either via Accept-CH response header or equivalent HTML markup. The opt-in preference is not persisted across navigations, and hints are thus not available on the initial (navigation) request.
Based on developer feedback, inability to receive hints on navigation requests has proven to be a major hurdle for adoption: many critical negotiation decisions need to be made on the initial request. To address this, the client hints spec was recently updated to allow origins to persist their opt-in policy for a specified period of time via the Accept-CH-Lifetime HTTP response header. One limitation of this approach is that the hints are not available on the “very first” navigation request to the origin, before the opt-in is discovered and persisted; hints are available on repeat navigation requests. However, given past concerns with respect to header bloat (if we were to enable all hints by default on all requests to all origins), we believe this is a good and workable tradeoff.
During development and privacy review of Accept-CH-Lifetime, we also converged on:
Client Hints delivery is restricted to Secure Contexts
Opt-in is origin-scoped and by default extends to 1P resources only.
1P will have to explicitly delegate permission for 3P origins to opt-in (via Feature Policy)
Delivery is conditional on 1P origin having permission to store cookies and run JavaScript.
Above updates are “breaking” with respect to previous implementation: hints are no longer available over HTTP and 3P parties will not receive hints by default. However, CH usage is currently low (<= 0.03% of page loads) and we believe that the potential breakage is (a) low, and (b) outweighted by long-term security and privacy benefits of the new model.
Finally, this i2s does not address (2a): this will be solved via integration with Feature Policy and will ship separately later in the year.
Interoperability and Compatibility Risk:
Compat risk: low. Positive signals from web developers for Accept-CH-Lifetime.
Interop risk: small. Only Blink-based browsers support CH today.
Ongoing technical constraints:
None.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
Requesting Approval to Ship?
Yes.
Link to TAG discussion
Privacy & Security
The headers are sent by the user agent only on secure HTTPS connections. Further, the client hints are attached to the request headers only if the origin has permissions to store cookies and run JavaScript. To prevent third party origins from accessing information that might be unavailable to them otherwise, the client hints are attached only to the requests to the first party origins.
Related discussions:
https://github.com/httpwg/http-extensions/issues/372 (privacy)
https://github.com/WICG/feature-policy/issues/129 (feature policy integration)
Is this feature fully tested by web-platform-tests?
Feature is well tested within Chromium, but web platform tests are missing.
OWP launch tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=735518
Link to entry on the feature dashboard
https://www.chromestatus.com/features/5713139295322112
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63065789-64a7-44cd-a02f-cdbdb7538906%40chromium.org.
--OWP launch tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=735518
Link to entry on the feature dashboard
https://www.chromestatus.com/features/5713139295322112
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63065789-64a7-44cd-a02f-cdbdb7538906%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/822104b2-e1ee-473a-9c9e-e5f686ce50b8%40chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63065789-64a7-44cd-a02f-cdbdb7538906%40chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/63065789-64a7-44cd-a02f-cdbdb7538906%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/822104b2-e1ee-473a-9c9e-e5f686ce50b8%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/8b2e22b4-bb20-4f5e-a5b2-1ac76e49c20a%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYczGc-HKjQG_%3DZTM9KvgEA_4_tU5P79y_RNxuKdeSnK_g%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c2798dad-aaf8-416d-a9eb-79f17712141b%40chromium.org.
Thank you for that data!The reason for those CH changes (removal of 3rd party and non-secure-context support) was privacy concerns. Specifically, there were concerns that as implemented, CH gave passive third parties as well as passive observers ways to fingerprint users that were not available to them otherwise.I was convinced by Artur (CCed) that these risks justify rapid removal.Artur - do you think we can (from a privacy perspective) revert those changes until the FP solution is ready?
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL12FVEBW0qxwdYUF-Pm1HSnC5Hr%2B2P%3D2sJx44abEJTT-YgizQ%40mail.gmail.com.
>>> email to blink-dev+unsubscribe@chromium.org.