Contact emails
yoav...@chromium.org, aaro...@chromium.org
Explainer
https://github.com/WICG/client-hints-infrastructure#readme
https://github.com/WICG/ua-client-hints#explainer-reducing-user-agent-granularity
Specs
https://wicg.github.io/client-hints-infrastructure
https://wicg.github.io/ua-client-hints/
https://httpwg.org/http-extensions/draft-ietf-httpbis-client-hints.html
TAG review
https://github.com/w3ctag/design-reviews/issues/320
Summary
The Client Hints infrastructure spec includes several improvements over the currently shipped Client Hints. In particular, it allows explicit delegation of Client Hints to specific cross-origin origins, using Feature Policies. That enables us to support Client Hints with cross-origin requests in a privacy preserving manner, and will enable us to backport the same approach to legacy Client Hints as well.
This new infrastructure enables features like UA Client Hints, which enable proactive content negotiation (using the user agent characteristics) without passively sending fingerprinting information to all origins, like the current `User-Agent` string does. The existence of such content negotiation mechanisms will enable us to deprecate and freeze the current User-Agent string (for which we’ll send a separate intent).
Motivation
The changes to the infrastructure are motivated by:
Improved user privacy while maintaining the use-case for cross-origin content negotiation - the previous design of Client Hints resulted in fingerprintable information sent on passive cross-origin requests. While we limited that exposure, we did that by removing support for new hints from cross-origin origins. The new infrastructure enables reinstating client hints support for cross-origin origins, depending on the page’s opt-in.
Desire for cross-browser implementation - while we don’t have positive signals from other implementers, the design for the new infrastructure received neutral signals from them, and would potentially make it easier for them to come on board in the future.
The UA Client Hints feature is motivated by the desire to eventually turn the fingerprintable information that the UA string passively exposes today into an active fingerprinting vector, forcing sites that rely on it to explicitly opt-in, and enable browsers and privacy researchers to keep track of the information’s usage.
On top of that, we’re interested in experimenting with GREASEing the UA brand and version, to avoid web sites relying on allow-lists.Link to “Intent to Prototype” blink-dev discussion
Intent to implement for UA Client Hints
We have not sent an intent for the Feature Policy related changes to the Client Hints infrastructure.
Link to Origin Trial feedback summary
N/A
Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
On Android, there are some legacy Client Hints which are sent to cross-origin origins regardless of specific Feature Policy delegation. This was done to accommodate existing use by image CDNs. We chose to avoid changing that when shipping the infrastructure, but intend to deprecate that independently in the future.
Demo link
Nope
Debuggability
The UA Client Hints headers will be as debuggable as other request headers, through devtools’ network tab.
Risks
Interoperability and Compatibility
From a compatibility perspective, shipping the UA client hints doesn’t pose any new risk. Those are additive additions that web content can choose to rely on, but which are not likely to break existing content.
On the other hand, the new infrastructure does incur some risk:
In order to reduce the risk of server-side confusion when it comes to shipping new headers, and as security learning from e.g. allowing the User-Agent string to be manipulated by developers, we decided that all current Client Hint headers will be preceded by a `Sec-CH-` prefix.
That means that sites that currently rely on Client Hints will be forced to change their server side logic to address that.
We are in contact with the major users of the API (image CDNs), and they ensured us making such a change will not be a huge feat for them.
From an interoperability perspective, we are currently walking this path alone :/
The infrastructure changes we want to ship here have turned the previous Safari opinion of Client Hints being harmful to be less negative, but I don’t believe we have enough of their support to qualify that as “positive signals” just yet. We’ve asked for a re-review of the spec.
Regarding Mozilla’s, we have made great strides in convincing them that the infrastructure is not harmful and removed their previous resistance to the related IETF draft. Nevertheless, their opinion remains neutral (“non-harmful” for both the infrastructure and the UA Client Hints feature).
In contrast to that, Edge is publicly supportive of this effort.
As far as developer interest goes, image CDNs have been using image-related Client Hints features to optimize their user’s images: We have reports and tutorials from Cloudinary, Imgix, and Scientia Mobile.
Web developers have also been advocating for their usage.
While we haven’t heard demand from them to enhance the privacy of the Client Hints infrastructure, in conversations we had with them on the subject they showed understanding of the problem and willingness to modify their implementation of the feature to accommodate the improvements.
Edge: public support
Firefox: “Non-harmful”
Safari: Negative regarding the previous iteration of Client-Hints. We asked for a re-review of the changes we want to ship here.
Web / Framework developers: Positive.
Ergonomics
Depending on the usage, developers may need to opt-in to Client Hints as well as delegate them to specific third party services (e.g. image CDNs).
That opt-in can be done using HTTP headers, which has been historically harder than markup changes. It remains to be seen if this deployment challenge is indeed a hurdle to adoption. A long-term solution may be an Origin Policy to provide the opt-ins.
Activation
Lack of cross-browser adoption would mean that the infrastructure would be useful for content optimization, but using it for essential content negotiation would require some combination of Client Hints logic with legacy means (e.g. UA sniffing).
Is this feature fully tested by web-platform-tests? Link to test suite results from wpt.fyi.
https://wpt.fyi/results/client-hints
Entry on the feature dashboard
Howdy, all:Looking briefly at the the UA-CH draft, it isn't clear what, exactly, we're shipping. The wire behavior? The new interfaces? Both?
Comparing UA-CH to UA strings, some information seems to have gone missing (including language preferences).
How has the team validated that the design is useful for developers without this information?Lastly, a justification in the TAG review for this design is that it prevents some information being sent over plaintext. What does this change gain us vs. simply restricting the availability of UA strings to secure contexts?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/18c26c94-9d1e-43f0-9e10-182eab2eca93%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEj9XvPGt49c7XC7kHtgEHBX3Qu32bXANuDN%3DhCKmzjw2w%40mail.gmail.com.
This is quite intertwined with Intent to Deprecate and Freeze: The User-Agent string, and what we ship here should be enough to make the UA string freezing very easy to adapt to.
I have concerns that there are many unresolved issues connected to how this will replace server-side UA string sniffing,
and I'm not sure what the plan is for client-side UA sniffing.
There are also inline issues in the spec, in particular https://wicg.github.io/ua-client-hints/#delegation is just a list of issues.
Of the open issues, these seem like ones especially important to address:
On Wed, Jan 15, 2020 at 11:58 AM Philip Jägenstedt <foo...@chromium.org> wrote:This is quite intertwined with Intent to Deprecate and Freeze: The User-Agent string, and what we ship here should be enough to make the UA string freezing very easy to adapt to.Indeed.I have concerns that there are many unresolved issues connected to how this will replace server-side UA string sniffing,Many of those were opened as a result of sending the intents :) (which is great!)and I'm not sure what the plan is for client-side UA sniffing.The getUserAgent method should cover client-side: https://wicg.github.io/ua-client-hints/#interfaceThere are also inline issues in the spec, in particular https://wicg.github.io/ua-client-hints/#delegation is just a list of issues.Thanks for pointing it out. This indeed require cleaning, but the processing for that is defined as part of https://wicg.github.io/client-hints-infrastructure/ (e.g. https://wicg.github.io/client-hints-infrastructure/#request-processing)
Of the open issues, these seem like ones especially important to address:We've discussed this internally and decided that we should not be blocking shipping the infrastructure here on resolving the "very first hit" problem.Most use-cases for HTML adaptation based on the UA string can get by with brand, significant version (and maybe a mobileness bit, as we've seen on issue #15).For the remaining cases, there's a tradeoff here between a (temporary, only on their very-first hit) performance regression for a small minority of sites vs. reducing the passive fingerprinting surface of all users.We've decided that the latter gets priority.At the same time, I'd love to collect use-cases where brand, version and mobileness are not enough, and see if there's something we can do on that front.
We indeed need to better define the brand as a set of values, to minimize parsing errors, enable browsers to claim equivalence groups while maintaining their identity, and enable future GREASEing.
I agree we need resolution there, but tend to agree with +Mike West. Returning a promise will indeed introduce some short-term pain when switching from the legacy UA string to `getUserAgent()`, but will enable future enforcement mechanisms a lot of flexibility as to what they can do when sites touch Too Many Bits™.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYfHFuK9PiLVhMukwOXZq01tRUkrdRBL80VmmUBsRYQAJA%40mail.gmail.com.
Thanks Yoav, that sounds like a good plan to me!On "Avoid freezing the meaningful version of the legacy UA string, at least at first", is the idea to follow the same approach as Safari? Can you elaborate on that on the other intent?
Thanks all for the great feedback here, on the repo, and elsewhere!As a result, there are a bunch of things we feel we need to modify about the proposal:
- Send the "mobileness" hint by default
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEj9XvPGt49c7XC7kHtgEHBX3Qu32bXANuDN%3DhCKmzjw2w%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
That data is important for many servers. Some websites return different pages according to these fields either to bypass OS specific bugs or in order to optimize the result for user.
Specifically, this is important to support deep linking on mobile
i do not understand why platform, OS type and version are not sent by default on the original request.
That data is important for many servers. Some websites return different pages according to these fields either to bypass OS specific bugs or in order to optimize the result for user. \
Specifically, this is important to support deep linking on mobile
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19ed667e-3a9c-401f-8b6b-9e4dc7a604ad%40chromium.org.
On Tue, Feb 18, 2020 at 10:23 PM 'Gil Meroz' via blink-dev <blin...@chromium.org> wrote:i do not understand why platform, OS type and version are not sent by default on the original request.A large part of the motivation behind UA-CH is to reduce passive entropy emitted by the browser, that is the distinctive values sent by default on requests.Therefore, we chose to send by default only low-entropy values (browser, significant version and mobileness), and not values with higher entropy like the platform and its version.
That data is important for many servers. Some websites return different pages according to these fields either to bypass OS specific bugs or in order to optimize the result for user. \Those servers can opt-in to receive that information.
Specifically, this is important to support deep linking on mobileCan you clarify what you mean by deep linking? Would the "mobileness" bit not be enough here?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
On Tue, Feb 18, 2020 at 10:23 PM 'Gil Meroz' via blink-dev <blin...@chromium.org> wrote:i do not understand why platform, OS type and version are not sent by default on the original request.A large part of the motivation behind UA-CH is to reduce passive entropy emitted by the browser, that is the distinctive values sent by default on requests.Therefore, we chose to send by default only low-entropy values (browser, significant version and mobileness), and not values with higher entropy like the platform and its version.
That data is important for many servers. Some websites return different pages according to these fields either to bypass OS specific bugs or in order to optimize the result for user. \Those servers can opt-in to receive that information.
Specifically, this is important to support deep linking on mobileCan you clarify what you mean by deep linking? Would the "mobileness" bit not be enough here?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
Will a version of UA-CH ship with Chrome 81 in March?
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1ad0f1dd-ae32-4095-8f77-dca727cad44f%40chromium.org.
On Fri, Feb 28, 2020 at 8:12 PM <usma...@tercept.com> wrote:Will a version of UA-CH ship with Chrome 81 in March?Due to a lot of feedback on this intent and resulting work accommodating it, we did not hit the 81 milestone.I'll update the thread when the feedback was fully addressed in spec and implementation.
--
On Wednesday, February 19, 2020 at 12:54:03 PM UTC+5:30, Yoav Weiss wrote:On Tue, Feb 18, 2020 at 10:23 PM 'Gil Meroz' via blink-dev <blin...@chromium.org> wrote:i do not understand why platform, OS type and version are not sent by default on the original request.A large part of the motivation behind UA-CH is to reduce passive entropy emitted by the browser, that is the distinctive values sent by default on requests.Therefore, we chose to send by default only low-entropy values (browser, significant version and mobileness), and not values with higher entropy like the platform and its version.
That data is important for many servers. Some websites return different pages according to these fields either to bypass OS specific bugs or in order to optimize the result for user. \Those servers can opt-in to receive that information.
Specifically, this is important to support deep linking on mobileCan you clarify what you mean by deep linking? Would the "mobileness" bit not be enough here?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19ed667e-3a9c-401f-8b6b-9e4dc7a604ad%40chromium.org.
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1ad0f1dd-ae32-4095-8f77-dca727cad44f%40chromium.org.
Hey folks!
I’d like to revive this intent, as we’re hoping to ship this for M84.
Notable changes since the original intent was sent, as a result of community feedback:
Many use-cases were gathered from the community and documented.
The mobile/desktop distinction is now considered “low entropy” and sent by default on all requests.
“Platform version” was split from “platform”, as their use-cases don’t entirely overlap.
The “UA full version” was split into a separate hint, to enable JS access to the significant version, in cases where the full version is not needed (which is most cases).
That also had the benefit of making the CH opt-in for that hint easier to explain (previously, an opt-in to `UA` augmented the hint to expose the full version)
The `NavigatorUAData.UA` attribute was renamed (twice!) to eventually land on `brands`. It’s also now a list, containing more than a single entry.
The `Sec-CH-UA` header is now a Structured Headers parameterized list. We’d like folks that are parsing those on the server side to use standard parsers (like this one).
The definition of GREASE in the context of UA-CH was refined - it now targets blocking the use of “allow lists” (by including unknown values in the set) and the use of non-standard parsers (by including values that are likely to break such parsers).
The JS interface is no longer guarded in its entirety by a Promise, only the call to acquire the high entropy values.
The processing model was revamped and improved.
The JS interface is now exposed to workers.
`http-equiv` based Client Hints are no longer persistent, to enable future architecture simplification where all hint parsing (for persistency purposes) is done outside the renderer.
The main remaining point of contention is around the `architecture` hint.
There’s ongoing debate on the language that will enable UAs that don’t want to expose it to avoid doing so. IMO, this debate should not impact the API shape.
Otherwise, there’s an issue suggesting we define the different CPU architectures so that the same string would mean the same thing on different platforms, which seems reasonable. I have a proposal on that front. Note that we’re planning to initially expose those values on Windows and Linux. We also plan to see if use-cases arise where this signal is not sufficient and potentially enhance it with a separate, higher-entropy hint.
I’m planning to land it (and related code changes) before M84 branches. If we fail to do so, I’m happy to ship most of the feature *without* the `architecture` bits, and ship them at a later date when everyone is happy with the proposed values.
Another point of note - currently the exposed `brands` and `Sec-CH-UA` values are not GREASEd. We’re planning to implement some version of GREASE before M84, and potentially improve on it later.
On the implementation & testing front, we also had bug fixes & spec alignment. Otherwise, the umbrella bug still includes a few blocker issues. We expect all of them (other than potentially ones mentioned above) to be fixed before branch point.
API OWNERS - what say ye?
Cheers :)
Yoav
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgN4PdQaEiU_ZtCH2s1kGfjpqKadApLRaNeyz%2B7np-TAg%40mail.gmail.com.
LGTM1, with some caveats below:* I see ongoing conversation both internally and externally around `Sec-CH-UA-Arch` and the related `architecture` attribute of the `UADataValues` dictionary. It's not clear to me that that's going to be in a shippable shape by the M84 branch point, and I'd prefer to see y'all work that out fully before pushing it out the door. If it's not ready next week, I'd suggest splitting it from this intent and sending another in the future when it's ready.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Df9JGzTzrOTFp4R4q7%2BDi_KGj2G0-zaNXGzxAFjpUJ5jg%40mail.gmail.com.
On Fri, May 8, 2020 at 12:10 AM Mike West <mk...@chromium.org> wrote:LGTM1, with some caveats below:* I see ongoing conversation both internally and externally around `Sec-CH-UA-Arch` and the related `architecture` attribute of the `UADataValues` dictionary. It's not clear to me that that's going to be in a shippable shape by the M84 branch point, and I'd prefer to see y'all work that out fully before pushing it out the door. If it's not ready next week, I'd suggest splitting it from this intent and sending another in the future when it's ready.I would prefer to decide this one way or the other before giving approval, so that it's clear what is shipping.
On Fri, May 8, 2020 at 6:22 PM Chris Harrelson <chri...@chromium.org> wrote:On Fri, May 8, 2020 at 12:10 AM Mike West <mk...@chromium.org> wrote:LGTM1, with some caveats below:* I see ongoing conversation both internally and externally around `Sec-CH-UA-Arch` and the related `architecture` attribute of the `UADataValues` dictionary. It's not clear to me that that's going to be in a shippable shape by the M84 branch point, and I'd prefer to see y'all work that out fully before pushing it out the door. If it's not ready next week, I'd suggest splitting it from this intent and sending another in the future when it's ready.I would prefer to decide this one way or the other before giving approval, so that it's clear what is shipping.Understood. I believe we are converging on that front, and the relevant PRs can land soon.I'll notify this thread when they either land, or we decide to go ahead and ship architecture with initially empty values, due to lack of agreement.
* I heard concerns around the split between synchronous and asynchronous getters for attributes exposed directly on `NavigatorUAData` on the one hand, and those exposed via `UADataValues`. I don't think those concerns are blocking, but I would like to make sure we have a consistent story for developers about how they should access information about the user agent in which they're running.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEiZYi%2BPMT2H5C%2BMMWSQy%3Dzw1Rh235ugM39RTxK57ye16g%40mail.gmail.com.
One more complication I mistakenly left out in my previous update. (apologies!)It seems like at least one site is broken by the UA-CH request headers, as a result of them being Structured Headers (the site seems sensitive to double quotes and question marks in request headers, presumably judging them suspicious).Talking to the team, we were thinking that keeping close track of issues as this rolls into beta would be sufficient, and we can turn it off if it's revealed to be a more wide-spread issue.Thoughts on that front?
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgMBfTZsn2gZf70wKCcry50spS1LM9mmTc53NiKm9wnpg%40mail.gmail.com.
LGTM2
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgN4PdQaEiU_ZtCH2s1kGfjpqKadApLRaNeyz%2B7np-TAg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Df9JGzTzrOTFp4R4q7%2BDi_KGj2G0-zaNXGzxAFjpUJ5jg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEiZYi%2BPMT2H5C%2BMMWSQy%3Dzw1Rh235ugM39RTxK57ye16g%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
LGTM2
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgN4PdQaEiU_ZtCH2s1kGfjpqKadApLRaNeyz%2B7np-TAg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Df9JGzTzrOTFp4R4q7%2BDi_KGj2G0-zaNXGzxAFjpUJ5jg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEiZYi%2BPMT2H5C%2BMMWSQy%3Dzw1Rh235ugM39RTxK57ye16g%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgMBfTZsn2gZf70wKCcry50spS1LM9mmTc53NiKm9wnpg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b29919d6-c72d-439d-b95d-bb1f5f3b8c6c%40chromium.org.
LGTM2
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgN4PdQaEiU_ZtCH2s1kGfjpqKadApLRaNeyz%2B7np-TAg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Df9JGzTzrOTFp4R4q7%2BDi_KGj2G0-zaNXGzxAFjpUJ5jg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEiZYi%2BPMT2H5C%2BMMWSQy%3Dzw1Rh235ugM39RTxK57ye16g%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEgMBfTZsn2gZf70wKCcry50spS1LM9mmTc53NiKm9wnpg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b29919d6-c72d-439d-b95d-bb1f5f3b8c6c%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEjjGOWhk_d5KTovGQZDdUyXAaqECc6fXNPRz4ZTxkpOhQ%40mail.gmail.com.
Hey all,
A quick note: due to site breakage issues we encountered, the feature will be slowly rolled out in M84, rather than enabled by default. Even though we’re only aware of one large site that still breaks when sent with new and exciting chars such as double-quotes in request headers, we prefer a cautious & slow roll-out to enable us to catch any cases that did not come up during Beta.
Thanks,
Yoav
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEitqF6HVipf7W%3DdovwFL8Z6ezB5USbbGUbFeq0-CCcGJA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMYMtVcXG-oxdCXiVSn-pfbNGu2tv9LK26-UWt%3DTbrXQBQ%40mail.gmail.com.