Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP Client Hints + Client Hints Infrastructure #20

Open
gsnedders opened this issue Jun 30, 2022 · 12 comments
Open

HTTP Client Hints + Client Hints Infrastructure #20

gsnedders opened this issue Jun 30, 2022 · 12 comments
Assignees
Labels
blocked Coming to a position is blocked on issues identified with the spec or proposal. concerns: interoperability This proposal creates interop risk, e.g. due to vagueness concerns: privacy This proposal may cause privacy risk if implemented concerns: security This proposal may cause security risk if implemented from: Google Proposed, edited, or co-edited by Google. topic: client hints topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols topic: networking venue: IETF HTTP WG venue: WICG Proposal is incubated in the Web Incubator Community Group

Comments

@gsnedders
Copy link
Member

gsnedders commented Jun 30, 2022

Request for position on an emerging web specification

Information about the spec

Additional spec URL, repository, and issue tracker: https://wicg.github.io/client-hints-infrastructure/, https://github.com/WICG/client-hints-infrastructure, & https://github.com/WICG/client-hints-infrastructure/issues/.

Design reviews and vendor positions

Bugs tracking this feature

  • WebKit Bugzilla:
  • Radar:

Anything else we need to know

These two specs jointly define the underlying infrastructure and mechanisms of Client Hints, but don't actually specify any hints themselves. Filing this mostly to have something to then link to when we're asked for opinions on specific client hints, for general client hint infra discussion.

@gsnedders gsnedders added topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols venue: IETF HTTP WG venue: WICG Proposal is incubated in the Web Incubator Community Group labels Jun 30, 2022
@rniwa
Copy link
Member

rniwa commented Jun 30, 2022

Many of client hints have very questionable use cases like device memory being used as a proxy to estimate how fast a given device is. At the end, we probably need to evaluate each client hints separately.

@othermaciej
Copy link

I think we'd be interested in implementing the Client Hints infrastructure if and only if there are any specific client hints we want to implement. So in that sense we'd be neutral.

However, as written, Client Hints Infrastructure seems to require support for all client hints that exist (not 100% sure about this) because:

  • It hooks into Fetch to require running "append client hints to request".
  • append client hints to request collects the hint names that domain has requested (or had delegated to it) and runs "find client hint value" on each.
  • find client hint value has a global switch of all the different client hint headers that exist, and requires returning a value for each per the many different referenced specifications.

Thus, to my reading, it's nonconforming to support Client Hint Infrastructure without supporting all Client Hints that currently exist (and I guess any that are added in the future). There doesn't seem to be leeway to support only some. Perhaps I'm misreading or this is merely bad drafting and not intended.

@miketaylr
Copy link

There doesn't seem to be leeway to support only some.

Yeah, that's not super intentional. UA-CH is explicit about allowing a UA to return empty or false values or only support hints it wants to: https://wicg.github.io/ua-client-hints/#fingerprinting. I can file a bug to make that more generalized in CH infra.

@karlcow

This comment was marked as off-topic.

@gsnedders

This comment was marked as off-topic.

@gsnedders gsnedders changed the title Client Hints HTTP Client Hints + Client Hints Infrastructure Jul 7, 2022
@o-t-w
Copy link

o-t-w commented Sep 3, 2022

Does this include User-Agent Client Hints JavaScript API or is that a separate issue?

@othermaciej othermaciej added the from: Google Proposed, edited, or co-edited by Google. label Sep 25, 2022
@gsnedders
Copy link
Member Author

Does this include User-Agent Client Hints JavaScript API or is that a separate issue?

That makes sense as part of #70 (UACH).

@annevk
Copy link
Contributor

annevk commented Oct 7, 2022

I'm mildly concerned about the same-origin policy impact of the new request headers as discussed in WICG/client-hints-infrastructure#100. There's an attempt at whatwg/fetch#1434 to mitigate some of that, but it needs quite a bit of work and whether it can be rolled out retroactively remains to be seen I suppose.

@othermaciej othermaciej added concerns: interoperability This proposal creates interop risk, e.g. due to vagueness concerns: privacy This proposal may cause privacy risk if implemented concerns: security This proposal may cause security risk if implemented labels Oct 8, 2022
@litherum
Copy link

litherum commented Mar 7, 2023

What's the difference between this and #70?

@eeeps
Copy link

eeeps commented Mar 7, 2023

@litherum This is for the general infrastructure to send hints, but does not specify any particular hints to send. #70 is for a particular set of hints. Some other proposed particular hints, for reference:

@gsnedders
Copy link
Member Author

gsnedders commented Mar 7, 2023

And see also #15 and #140 for other Client Hints we've been asked for positions on.

@hober hober moved this from Unscreened to Needs position in Standards Positions Review Backlog Mar 23, 2023
@hober hober moved this from Needs position to Needs assignees in Standards Positions Review Backlog Mar 27, 2023
@hober hober moved this from Needs assignees to Needs position in Standards Positions Review Backlog Mar 27, 2023
@hober hober added the blocked Coming to a position is blocked on issues identified with the spec or proposal. label Aug 15, 2023
@hober
Copy link
Member

hober commented Aug 15, 2023

I'm mildly concerned about the same-origin policy impact of the new request headers as discussed in WICG/client-hints-infrastructure#100. There's an attempt at whatwg/fetch#1434 to mitigate some of that, but it needs quite a bit of work and whether it can be rolled out retroactively remains to be seen I suppose.

It looks like this issue is still open & the fetch PR hasn't landed. Marking this as 'blocked'.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked Coming to a position is blocked on issues identified with the spec or proposal. concerns: interoperability This proposal creates interop risk, e.g. due to vagueness concerns: privacy This proposal may cause privacy risk if implemented concerns: security This proposal may cause security risk if implemented from: Google Proposed, edited, or co-edited by Google. topic: client hints topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols topic: networking venue: IETF HTTP WG venue: WICG Proposal is incubated in the Web Incubator Community Group
Projects
Development

No branches or pull requests