Set requests' user activation flag during navigation.

[mikewest]

In order to support Fetch Metadata's Sec-Fetch-User header, this patch
sets navigation requests' user activation flag if the navigation is
triggered while the source browsing context has transient activation.

• At least two implementers are interested (and none opposed):
  • Chrome is shipping this as of ~76.
  • Mozilla has labeled theunderlying feature as "worth prototyping".
• Tests are written and can be reviewed and commented upon at:
  • Most clearly in https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/window-open.tentative.https.sub.html and https://github.com/web-platform-tests/wpt/blob/master/fetch/metadata/navigation.tentative.https.sub.html
• Implementation bugs are filed:
  • Chrome: Shipped.
  • Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1508292
  • Safari: https://bugs.webkit.org/show_bug.cgi?id=204744

---

/browsing-the-web.html ( diff )
/infrastructure.html ( diff )

[mikewest]

(Note that this patch depends on whatwg/fetch#993 landing first.)

[annevk]

This looks accurate. @mustaqahmed want to double check?

[mustaqahmed]

This looks good from user activation perspective.

Two questions/nits:

• The corresponding fetch PR adds "user-activation flag" (with the hyphen). Perhaps we can do the same here?
• Any chance the fetch API may also add the sticky activation state in future? If yes, we can consider switching the type from Boolean to "UserActivation" which is proposed in Sec 6.3.4 in this PR.

[domenic]

Ping @annevk @mikewest on finishing this up.

[mikewest]

Thanks, @mustaqahmed (and @domenic for the ping)!

I've added the hyphen to user-activation flag. I'd like to hold off on the sticky activation state, as I don't know of any current plans to use that at the Fetch layer. It's not a terribly complicated thing to add, but since #4009 hasn't landed yet, I'd like not to block this on that.

WDYT, @annevk?

[mikewest]

Today's commits merge in the last few months of changes, and adjusts the patch to talk about a request's "user activation" boolean, per the rename in whatwg/fetch#993.