Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Performance control of embedded content #911

Open
wants to merge 19 commits into
base: main
Choose a base branch
from

Conversation

nishitha-burman
Copy link

First draft of explainer for performance control of embedded content.


## Goals
With global web usage continuing to rise and more companies relying on the web as a primary platform to deliver their applications, performance has become a critical factor for success. As more users access websites through mobile devices and lower-powered hardware, the need for fast responsive web experiences is non-negotiable[^1],[^2].
When it comes to optimizing performance, websites and apps are limited by the performance of the external content they embed, these can be 3rd party sites, 3rd party apps, and even content from other organizations within a company. As a result, being able to control the performance of embedded content is crucial to improving the overall performance of a site or app.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"embed, these" -> "embed; these"

## Goals
With global web usage continuing to rise and more companies relying on the web as a primary platform to deliver their applications, performance has become a critical factor for success. As more users access websites through mobile devices and lower-powered hardware, the need for fast responsive web experiences is non-negotiable[^1],[^2].
When it comes to optimizing performance, websites and apps are limited by the performance of the external content they embed, these can be 3rd party sites, 3rd party apps, and even content from other organizations within a company. As a result, being able to control the performance of embedded content is crucial to improving the overall performance of a site or app.
This proposal has two primary goals:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't showing up on a new line in the rich diff.


## Goals
With global web usage continuing to rise and more companies relying on the web as a primary platform to deliver their applications, performance has become a critical factor for success. As more users access websites through mobile devices and lower-powered hardware, the need for fast responsive web experiences is non-negotiable[^1],[^2].
When it comes to optimizing performance, websites and apps are limited by the performance of the external content they embed, these can be 3rd party sites, 3rd party apps, and even content from other organizations within a company. As a result, being able to control the performance of embedded content is crucial to improving the overall performance of a site or app.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this was meant to be a separate paragraph, it doesn't look like this is showing up as such in the rich diff. You may need to add an extra line

When it comes to optimizing performance, websites and apps are limited by the performance of the external content they embed, these can be 3rd party sites, 3rd party apps, and even content from other organizations within a company. As a result, being able to control the performance of embedded content is crucial to improving the overall performance of a site or app.
This proposal has two primary goals:
1. Improve users’ satisfaction with their OS, browser, and applications via formalizing methods of constraining the resources available to web content.
2. Provide information to help developers improve the performance of web sites and apps through reporting when performance is negatively impacting end-users and/or applications hosting the site in a frame.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might swap the order of these two points, since the second goal is required to be achieved for the first goal to be achieved.


### Scenarios
* Embedded widgets: Weather forecast, stock tickets, etc.
* Embedded Ads: Embedded ads from networks like Google AdSense or Bing Ads.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would avoid adding specific company products (same with the line below)


* Re-defines a mechanism for a problem already in the scope of Document Policy.
* The challenges in Document Policy are still applicable with a custom mechanism.
* Changes to iframe HTML element represent additional standards work.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure additional standards work is a good reason to go with one approach and not another, so I'm not sure if that is worth listing

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reasoning here was that even if we wanted to go with the custom mechanism option, we'd need to re-do a lot of the work that Document Policy already does. In particular, it seems like HTML spec changes are more challenging to get through, so defining our own would add that while not providing anything fundamentally better compared to Document Policy. I can remove this item.

Using Document Policy for this proposal has limitations and challenges, including 3pp violation reporting, opt-in requirement, budget-based state leaks. A custom mechanism was briefly considered, but the following was determined for such approach:

* Re-defines a mechanism for a problem already in the scope of Document Policy.
* The challenges in Document Policy are still applicable with a custom mechanism.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth relisting them out to be clear which challenges apply and why

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And were there any other approaches considered that didn't have these same challenges?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added more details on the challenges.

### Alternatives considered

#### Custom attributes and headers
Using Document Policy for this proposal has limitations and challenges, including 3pp violation reporting, opt-in requirement, budget-based state leaks. A custom mechanism was briefly considered, but the following was determined for such approach:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For those unfamiliar (like myself) it may be worth going into more detail on what a custom mechanism is and what that would look like in comparison

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added details.

* Changes to iframe HTML element represent additional standards work.

#### Levels vs categories
It was considere to have a single configuration point based on “levels” which would restrictions on top of each other, but this was discarded due to increased difficulty to introduce new values in the future.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"considere" -> "considered"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolved.

* The challenges in Document Policy are still applicable with a custom mechanism.
* Changes to iframe HTML element represent additional standards work.

#### Levels vs categories

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth going into more details on what this means and what it would look like in comparison.

I also think it could be worth expanding on why it would be difficult to expand the value set in the future

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Expanded on the "levels" approach and difficulty in adding criteria in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants