Fixes #151 - Define a "ch-ua-high-entropy-values" permission policy #373
base: main
The allows top-level sites to restrict which third-party sites are able to receive high-entropy ua client hint data, or even disable itself from collection of any high-entropy ua client hint data.
|
||
1. Let |p| be a [=a new promise=] created in the [=current realm=]. | ||
|
||
2. If the [=user agent=] decides one or more values in |hints| should not be returned, then [=reject=] and return |p| with a "{{NotAllowedError}}". |
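Review bot: in step 2, "[=reject=] and return |p| with a "{{NotAllowedError}}"" attaches the error to the return rather than to the rejection; word it as rejecting |p| with a "{{NotAllowedError}}" and then returning |p|. The condition is also left wholly to what the user agent "decides", so if the "ch-ua-high-entropy-values" policy named in the PR title is meant to gate this method, the step should state that check explicitly rather than leave it implied.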
This has never been implemented, FWIW (at least not in Chromium).
@@ -338,7 +338,7 @@ brand of the browser to the user. These messages often also include the platform | |||
order to make sure the user knows which device is in question. | |||
|
|||
Since such messaging doesn't require any server-side adaptation, it's better for this case to use | |||
the `userAgentData.getHighEntropyData()` method in order to retrieve the required information. | |||
the `userAgentData.getHighEntropyValues()` method in order to retrieve the required information. |
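Review bot: the method-name correction on the last line of this hunk (`getHighEntropyData()` to `getHighEntropyValues()`) is a wording fix in the use-cases text that is unrelated to the "ch-ua-high-entropy-values" policy this PR is titled for, and nothing in the hunk explains it. Say in the PR description that this is a typo fix with no IDL change, or split it into its own commit, so readers do not take it for an API rename.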
Is this rename web compatible?
Good question. I was also a bit confused when I saw that :)
Turns out we just had 2 instances of the wrong name in the use-cases section (🙈). Not sure when that crept in, or if getHighEntropyData was the original name way back when. But we're not actually changing any IDL - getHighEntropyValues is the thing we shipped (and continue to ship).