Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce 'prefetch-src'. Closes w3c/webappsec-csp#107. #283

Merged
merged 5 commits into from
Jan 15, 2018
Merged

Introduce 'prefetch-src'. Closes w3c/webappsec-csp#107. #283

merged 5 commits into from
Jan 15, 2018

Conversation

mikewest
Copy link
Member

@mikewest mikewest commented Jan 11, 2018
edited by pr-preview bot
Loading

@mikewest
Copy link
Member Author

(For clarity: tests are coming in a subsequent patch once I figure out how prefetch works in Chrome :) )

@yoavweiss
Copy link
Contributor

Looks good, but I don't know enough about CSP's mechanics to approve.

@annevk
Copy link
Member

annevk commented Jan 11, 2018

In whatwg/fetch#659 it's an initiator as per discussion in whatwg/fetch#658, in particular whatwg/fetch#658 (comment).

@annevk
Copy link
Member

annevk commented Jan 12, 2018

So should Fetch still distinguish prerender and prefetch? It seems slightly cleaner to give them distinct initiators, even if they end up with the same path here.

@mikewest
Copy link
Member Author

Happy to defer that to @yoavweiss. The CSP integration should be straightforward either way.

@yoavweiss
Copy link
Contributor

It seems slightly cleaner to give them distinct initiators, even if they end up with the same path here.

Agree that it does seem cleaner.

@annevk
Copy link
Member

annevk commented Jan 13, 2018

@yoavweiss can you update whatwg/fetch#659 so it lists both?

@yoavweiss
Copy link
Contributor

@yoavweiss can you update whatwg/fetch#659 so it lists both?

updated. Also filed whatwg/html#3353

@mikewest
Copy link
Member Author

Updated this patch as well. WDYT?

Tests for prefetch are in web-platform-tests/wpt#9013, feedback welcome. I can add tests for prerender as well, but Chrome won't pass them until @yoavweiss makes the events work. :)

@yoavweiss
Copy link
Contributor

I can add tests for prerender as well, but Chrome won't pass them until @yoavweiss makes the events work. :)

Looked into the Chrome prerender onload event issues, and they seem to be related to NoStatePrefetch and to the fact that prerender triggers a proprietary event, rather than the standard load one. I'm happy to fix the standard event bits, but hoping the NoStatePrefetch folks can fix the part that's on their end :)

In the mean time it seems fine to add a test that fails, and which hopefully work once implementations are fixed.

@mikewest
Copy link
Member Author

In the mean time it seems fine to add a test that fails, and which hopefully work once implementations are fixed.

Yeah. I mean, we'll skip it because otherwise it will just timeout because we have no idea when to stop without an event, and I don't want to add several seconds to every test run. But we'll unskip it once it works! :)

@annevk
Copy link
Member

annevk commented Jan 15, 2018

I'm happy with this. (And for clarity this means we'll tackle dns-prefetch et al in a separate PR.)

@mikewest
Copy link
Member Author

And for clarity this means we'll tackle dns-prefetch et al in a separate PR.

Correct. This is just prefetch-src; those will fall out of a different set of constraints (and I have no idea where they're defined... @yoavweiss?)

@mikewest mikewest merged commit 91adc4a into master Jan 15, 2018
@mikewest mikewest deleted the prefetch-src branch January 15, 2018 14:19
@yoavweiss
Copy link
Contributor

They are defined in https://w3c.github.io/resource-hints/ but we need to better tie them into Fetch.

april added a commit to april/webappsec-csp that referenced this pull request Jan 17, 2018
@april
Merge branch 'master' of https://github.com/w3c/webappsec-csp
21e3123 
* 'master' of https://github.com/w3c/webappsec-csp: (209 commits)
  Fix a few typos (w3c#280)
  Introduce 'prefetch-src'. (w3c#283)
  Clarify navigation behavior for 'script-src'.
  Incorrect indentation of the navigation check algorithm.
  IDL amendments and small misc issues. (w3c#271)
  Regenerate HTMLs.
  Origin link.
  NoncedElement link.
  link up inline css issue (w3c#228)
  Replaced 'alias' with 'copy' for less ambiguity (w3c#273)
  Cleanup `global object` usage to make sense with `Documents` (w3c#254)
  Elements with duplicated attributes are not nonceable.
  s/not-example.com/example.org/
  Linked testing policy and fixed a few links (w3c#263)
  Rebuild HTML.
  Fix linking errors to 'script-like' and 'applet'.
  Adds WorkletGlobalScope as a concept to CSP. (w3c#205)
  Slight correction of host matching description (w3c#251)
  Fixed ambigous grammar (w3c#250)
  Replace Request.type based logic with Request.destination (w3c#231)
  ...
@andypaicu andypaicu mentioned this pull request Feb 21, 2018
Merged
annevk pushed a commit to whatwg/fetch that referenced this pull request Apr 27, 2018
@yoavweiss @annevk
Add prefetch and prerender initiators
d5d0840 
Corresponding CSP change: w3c/webappsec-csp#283.

Tests: web-platform-tests/wpt#9013.

Closes #658.
@mikewest mikewest mentioned this pull request Mar 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikewest @yoavweiss @annevk