Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #151 - Define a "ch-ua-high-entropy-values" permission policy #373

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

miketaylr
Copy link
Collaborator

@miketaylr miketaylr commented Dec 20, 2024

The allows top-level sites to restrict which third-party sites are able to receive high-entropy ua client hint data, or even disable itself from collection of any high-entropy ua client hint data.


Preview | Diff

The allows top-level sites to restrict which third-party sites are
able to receive high-entropy ua client hint data, or even disable
itself from collection of any high-entropy ua client hint data.
@miketaylr miketaylr changed the title Fixes #141 - Define a "ch-ua-high-entropy-values" permission policy Fixes #151 - Define a "ch-ua-high-entropy-values" permission policy Dec 20, 2024
@miketaylr miketaylr requested a review from yoavweiss December 20, 2024 02:43

1. Let |p| be a [=a new promise=] created in the [=current realm=].

2. If the [=user agent=] decides one or more values in |hints| should not be returned, then [=reject=] and return |p| with a "{{NotAllowedError}}".
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has never been implemented, FWIW (at least not in Chromium).

@@ -338,7 +338,7 @@ brand of the browser to the user. These messages often also include the platform
order to make sure the user knows which device is in question.

Since such messaging doesn't require any server-side adaptation, it's better for this case to use
the `userAgentData.getHighEntropyData()` method in order to retrieve the required information.
the `userAgentData.getHighEntropyValues()` method in order to retrieve the required information.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this rename web compatible?

Copy link
Collaborator Author

@miketaylr miketaylr Dec 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I was also a bit confused when I saw that :)

Turns out we just had 2 instances of the wrong name in the use-cases section (🙈). Not sure when that crept in, or if getHighEntropyData was the original name way back when. But we're not actually changing any IDL - getHighEntropyValues is the thing we shipped (and continue to ship).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants