From 6e8ca91e07178b769707631b91c6eaa16e4e4eb5 Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Fri, 22 Jan 2021 11:17:00 -0600 Subject: [PATCH 1/4] Issue #45 - Add Sec-CH prefix to UA-CH tokens --- index.bs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/index.bs b/index.bs index e640b8a..d8530c5 100644 --- a/index.bs +++ b/index.bs @@ -301,11 +301,11 @@ A client hints token is a [=byte-lowercase=] representation of one of `RTT`, `Downlink`, `ECT`, - `UA-Arch`, - `UA-Model`, - `UA-Platform`, - `UA` or - `UA-Mobile`. + `Sec-CH-UA-Arch`, + `Sec-CH-UA-Model`, + `Sec-CH-UA-Platform`, + `Sec-CH-UA` or + `Sec-CH-UA-Mobile`. Policy-controlled features {#policy-controlled-features} ------------- @@ -344,10 +344,10 @@ The low entropy hint table below defines hints that are only e `Save-Data` a suitable Save-Data value - `UA` + `Sec-CH-UA` a suitable UA value - `UA-Mobile` + `Sec-CH-UA-Mobile` a suitable Mobile value From df24a09a79bed9bd3d861efec84a5d91ac4e4fa1 Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Fri, 22 Jan 2021 11:17:18 -0600 Subject: [PATCH 2/4] Issue #45 - Driveby trailing whitespace cleanup --- index.bs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.bs b/index.bs index d8530c5..4219819 100644 --- a/index.bs +++ b/index.bs @@ -5,7 +5,7 @@ Level: 1 Status: CG-Draft Group: WICG URL: https://wicg.github.io/client-hints-infrastructure -Editor: Yoav Weiss, Google, yoav@yoav.ws, https://blog.yoav.ws +Editor: Yoav Weiss, Google, yoav@yoav.ws, https://blog.yoav.ws Abstract: Specification of the Client Hints infrastructure and its integration with Fetch and HTML Markup Shorthands: markdown yes 
@@ -103,7 +103,7 @@ following specifications and proposals: same-origin or delegated-to cross-origin requests. It also makes sure hints are removed from not delegated-to cross-origin requests after redirections. - - Integrates those concepts with the [[!HTML]] and [[!FETCH]] specifications, + - Integrates those concepts with the [[!HTML]] and [[!FETCH]] specifications, by patching various concepts there. * W3C Permissions Policy specification (relevant section) - In order to perform third party Client Hint delegation, Permissions Policy has @@ -121,7 +121,7 @@ Accept-CH cache {#accept-ch-cache-definition} ---------------- An Accept-CH cache is owned by the user agent and is an [=ordered map=], - [=keyed=] on origin (an [=/origin=]), + [=keyed=] on origin (an [=/origin=]), with a value of client hints set (a [=/client hints set=]). The Accept-CH cache can effectively act as an alternative cookie store, @@ -155,7 +155,7 @@ When asked to initialize the Client Hints set with |setti
Note, the above algorithm: -* Initializes client hints set on the environment settings object based on its origin. +* Initializes client hints set on the environment settings object based on its origin. * If we are in a secure context and the navigation is a top-level navigation, it parses `Accept-CH` and adds the results to the environment setting object's client hints set as well as the Accept-CH cache.
@@ -185,7 +185,7 @@ Document object initialization {#document-init} ---------- At Create and initialize a Document object, -after step 11, starting with "Initialize a Document's CSP list", +after step 11, starting with "Initialize a Document's CSP list", call [$initialize the Client Hints set$] with document's [=relevant settings object=] and |response| as inputs. Worker initialization {#worker-init} From 40a4a4d1c1f269bb8eed5c849ee1df0720a1f059 Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Fri, 22 Jan 2021 11:28:41 -0600 Subject: [PATCH 3/4] Issue #46 - Remove Sec- prefix step from Request processing algorithm The tokens should already have that as part of its name, if relevant. --- index.bs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/index.bs b/index.bs index 4219819..2d69f56 100644 --- a/index.bs +++ b/index.bs @@ -244,10 +244,6 @@ if request's header list policy-controlled feature, returns false, then skip the next steps and continue to the next hintName. [[!PERMISSIONS-POLICY]] [[!CLIENT-HINTS]] - -
  • Set hintName to "Sec-" concatenated with hintName. -

    We need to figure out if we really want a `Sec-` prefix, and if so also exempt it from CORS.
    -
  • If request's header list does not contain hintName, a user agent should append hintName/value to request's header list. From 23b305be7afd3bb6b2b9220be3adf4bc2479faa6 Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Fri, 22 Jan 2021 12:15:29 -0600 Subject: [PATCH 4/4] Issue #46 - Add note to clarify CH tokens match request headers --- index.bs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/index.bs b/index.bs index 2d69f56..aa0bee6 100644 --- a/index.bs +++ b/index.bs @@ -303,6 +303,9 @@ A client hints token is a [=byte-lowercase=] representation of one of `Sec-CH-UA` or `Sec-CH-UA-Mobile`. +Note: A client hints token will also match the request header sent by the user agent when +appropriate (as determined by the request processing algorithm). + Policy-controlled features {#policy-controlled-features} -------------
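Review bot: In PATCH 1/4, the token list in the hunk at `@@ -301,11 +301,11` now mixes prefixed and unprefixed names: the five UA tokens gain `Sec-CH-`, while `RTT`, `Downlink` and `ECT` stay bare, as does `Save-Data` in the low entropy hint table. The subject line suggests the split is intentional, but the spec text does not say so. Add a sentence next to the list stating that only the UA hints carry the `Sec-CH-` prefix, so readers do not take the remaining names for an oversight.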
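Review bot: In PATCH 3/4, the hunk at `@@ -244,10 +244,6` deletes the inline issue together with the prefix step, so the open question "and if so also exempt it from CORS" disappears even though the tokens renamed in PATCH 1/4 still carry `Sec-`. Either keep an issue note about the CORS treatment of the `Sec-CH-` headers or link to where that question was settled. With the step gone, the hints left unprefixed in 1/4 (`RTT`, `Downlink`, `ECT`) are also appended under their bare names, and the remaining step appends only when the header list "does not contain hintName", so the text should state whether a header already present under that name is meant to be left in place.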
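Review bot: In PATCH 4/4, the note added at `@@ -303,6 +303,9` says a token "will also match the request header", but the definition directly above makes a token a byte-lowercase representation while the listed names are mixed case (`Sec-CH-UA-Mobile`). Say what is being compared (the header name, byte-case-insensitively) and replace "when appropriate" with a link to the step of the request processing algorithm that decides it, since the parenthetical alone does not tell an implementer which step is meant.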