Intent to Prototype: Speculation Rules Prefetch: Vary on particular cookies

Jeremy Roman

Mar 7, 2024, 6:03:45 PM
to blink-dev

Contact emails

jbr...@chromium.org

Explainer

https://github.com/WICG/nav-speculation/issues/302
https://mnot.github.io/I-D/draft-nottingham-http-availability-hints.html#name-cookie

Specification

None

Summary

See https://github.com/WICG/nav-speculation/issues/302. The prefetch cache should allow responses to be cached but discarded if particular cookies change (e.g., login cookie, preferred language/theme).



Blink component

Internals>Preload

Motivation

Even though prefetches have a short lifetime, it is possible for a prefetched response to be "stale" by the time it is used due to a change in the user state (e.g., logging out). This could be surprising as the user expects to observe this change, or in the worst case, a security issue if they have logged out on a public device and the next user is able to access a prefetched page (though this is not the only way this can happen). Developers can work around this by not using prefetch or prerender, but we'd like for them to not have to make that tradeoff. However, Vary: Cookie is infamous for being too big a hammer, since many origins set a variety of cookies which shouldn't invalidate huge swathes of the cache. Instead, browsers should respect response header fields which allow more specific cache invalidation, most likely by cookie name.



Initial public proposal

https://github.com/WICG/nav-speculation/issues/302

TAG review

None

TAG review status

Pending

Risks



Interoperability and Compatibility

None



Gecko: No signal

WebKit: No signal

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Debuggability

None



Is this feature fully tested by web-platform-tests?

No

Flag name on chrome://flags

None

Finch feature name

None

Non-finch justification

None

Requires code in //chrome?

False

Tracking bug

https://issues.chromium.org/issues/328628231

Estimated milestones

No milestones specified



Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6313679412002816

This intent message was generated by Chrome Platform Status.
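
The invalidation behaviour described under Motivation, as an added example that is not part of the original message and is not Chromium code. The `PrefetchCache` class, the `scenario` helper, the cookie names and the `"*"` marker standing in for `Vary: Cookie` are all assumptions of this sketch; the intent lists no specification, so the list of cookie names is passed in directly rather than parsed from a response header.

```javascript
// Toy model of a prefetch cache that varies on named cookies (illustration only).
class PrefetchCache {
  constructor() {
    this.entries = new Map();
  }

  // varyOn: array of cookie names the response depends on, or "*" to model
  // Vary: Cookie, where a change to any cookie invalidates the entry.
  store(url, body, cookieJar, varyOn) {
    const all = varyOn === "*";
    const names = all ? [...cookieJar.keys()] : varyOn;
    // Snapshot the value of each relevant cookie (undefined if absent).
    const snapshot = new Map(names.map((n) => [n, cookieJar.get(n)]));
    this.entries.set(url, { body, snapshot, all });
  }

  // Returns the prefetched body, or null if it must be fetched again.
  take(url, cookieJar) {
    const entry = this.entries.get(url);
    if (!entry) return null;
    this.entries.delete(url); // simplification: consumed or discarded either way
    const names = entry.all
      ? new Set([...entry.snapshot.keys(), ...cookieJar.keys()])
      : entry.snapshot.keys();
    for (const n of names) {
      // Comparing against undefined covers deleted and newly set cookies.
      if (entry.snapshot.get(n) !== cookieJar.get(n)) return null;
    }
    return entry.body;
  }
}

// Constructed sample state: a login cookie plus an unrelated counter cookie.
const BODY = "<h1>Alice's account</h1>";
function scenario(varyOn, mutate) {
  const jar = new Map([["session", "alice-token"], ["_analytics", "1"]]);
  const cache = new PrefetchCache();
  cache.store("/account", BODY, jar, varyOn);
  mutate(jar); // user state changes between prefetch and navigation
  return cache.take("/account", jar);
}
const logout = (jar) => jar.delete("session");
const analyticsTick = (jar) => jar.set("_analytics", "2");

console.log(scenario(["session"], logout));        // discarded after logout
console.log(scenario(["session"], analyticsTick)); // still served
console.log(scenario("*", analyticsTick));         // discarded: too big a hammer
console.log(scenario([], logout));                 // stale page served
```

The last case is the problem the intent describes: with no cookie dependency declared, the page prefetched for the logged-in user is still served after logout.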