Intent to Prototype: Inactive document invalidation API

112 views
Skip to first unread message

Fergal Daly

unread,
Nov 18, 2022, 4:11:27 AM11/18/22
to blink-dev, bfcache-dev, Yuzu Saijo, Domenic Denicola, Kentaro Hara, Kenji Baheux

Contact emails

fer...@chromium.orgyu...@chromium.org

Explainer

https://github.com/fergald/explainer-bfcache-ccns/blob/main/api.md

Specification



Summary

An API that allows pages to declare triggers that will cause them to be invalidated (evicted from BFCache or cancelled from Prerendering). The goal is provide an alternative to blocking Prerendering or BFCache entirely (e.g. with Cache-Control: no-store) while still ensuring that sensitive information is not presented to the user after logging out or other important state changes. Triggers include changes to listed cookies or storage keys.



Blink component

UI>Browser>Navigation>BFCache

Motivation

When users log out, pages in BFCache or pages that are Prerendering may contain sensitive information that should no longer be accessible. Currently, or BFCache, sites use `Cache-Control: no-store` to protect that information but this is a blunt instrument that prevents BFCacheing entirely, hurting performance. For prerendering, sites may not opt in to prerendering. This also prevents browsers from opportunistically prerendering.



Initial public proposal

https://github.com/whatwg/html/issues/7189

Search tags

bfcache prerendering cookies storage

TAG review

https://github.com/w3ctag/design-reviews/issues/786

TAG review status

Pending

Risks



Interoperability and Compatibility

None known.



Gecko: No signal (https://docs.google.com/document/d/1YZvkd0nMk0VlaikLCcBtzX0CCUo9lLxoOUtEPbK2IYk/edit) This was discussed in the context of changing the default behaviour of BFCache with `Cache-Control: no-store`. The API itself didn't generate much discussion.

WebKit: No signal (https://docs.google.com/document/d/1YZvkd0nMk0VlaikLCcBtzX0CCUo9lLxoOUtEPbK2IYk/edit) This was discussed in the context of changing the default behaviour of BFCache with `Cache-Control: no-store`. The API itself didn't generate much discussion.

Web developers: No signals

Other signals:

Security

Since this just adds ways for a page to not be restored from BFCache or prerendered, it should not present a security risk.



WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No



Debuggability



Is this feature fully tested by web-platform-tests?

No

Flag name



Requires code in //chrome?

False

Tracking bug

https://crbug.com/1386028

Estimated milestones

No milestones specified



Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5197945132023808

This intent message was generated by Chrome Platform Status.
Reply all
Reply to author
Forward
0 new messages