https://wicg.github.io/nav-speculation/speculation-rules.html
https://github.com/WICG/nav-speculation/pull/213
https://github.com/WICG/nav-speculation/pull/245
Speculation rules are inlined in script tags, but their use will be restricted by Content Security Policy as unsafe inline scripts even if the speculation rules are safe.
So, we extend the Content Security Policy to have a new source keyword, ‘inline-speculation-rules’, for inline uses of speculation rules. With this new keyword, we can permit inline speculation rules without permitting inline scripts.
Blink>SecurityFeature>ContentSecurityPolicy
https://github.com/w3ctag/design-reviews/issues/721#issuecomment-1461312356
On going as a delta for Speculation Rules (Prefetch)
Gecko: No signal
WebKit: No signal
Web developers: We heard positive feedback from partners as there was no handy approach to permit speculation rules without allowing unsafe inline scripts.
Other signals:
No incompatible change for existing APIs.
DevTools show proper warning messages as we do for other CSP violations.
Yes
Yes, in speculation-rules/prerender/csp-script-src-*
N/A
(base::Feature is network::features::kPrerender2ContentSecurityPolicyExtensions)
False for web exposed changes, but have a small change in chrome/browser/extensions/ to support it in Chrome Extensions too.
110
No specific concern.
https://chromestatus.com/feature/5182859125456896
This intent message was generated by Chrome Platform Status.
Hi blink-dev,
This Intent to Ship is a bit unusual because we accidentally launched this change in M110, and are now properly going through the Intent to Ship process.
Here is the Intent, and let us know if there's anything else we should do to handle this unusual situation:
We already modify our workflow to track each launch process closely with our TPM so to avoid this kind of mistakes in the future.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFWCB1n7ON2v4Vv%2BYfvk%3DMt5g7zY62eGoy53HKrPzAHp1C1sMw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUsKocFhZstwhy5S-nuawDC_3unUpCgOT1fc%3Dz1Uf3fKg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGH7WqEkunFoxs5pq5wFrHaABtq76XhxL2pNUweWcoi8SYDoqg%40mail.gmail.com.