What's the point of specifying Critical-CH as opposed to relying on CH provided by the browser?

Is the idea that some browsers may decide to hide some client hints to reduce the fingerprinting surface?

If so, then this new header seems to just defeat that because a website can specify all the client hints as critical.

- R. Niwa

On Wed, Jan 27, 2021 at 4:40 AM Aaron Tagliaboschi via webkit-dev <webkit-dev@lists.webkit.org> wrote:

Explainer: https://github.com/WICG/client-hints-infrastructure/blob/master/reliability.md#critical-ch

The Client Hint Reliability proposal is a set of features aimed at making Client Hints <https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-15> more reliably available and mitigating mis-matches between a site's preferences and the preferences stored in the browser. The idea behind the Critical-CH response header is to signal to browsers that there are hints the server would rather pay a round trip than not have on the first request. The basic algorithm is as follows:

If, after receiving a request with Critical-CH and Accept-CH headers, there is a hint indicated in the Critical-CH header that the browser did not send but would not block sending, the browser should store the new CH preferences, drop the request, and start a new one with the new headers included.

Aaron Tagliaboschi | Software Engineer, Chrome Trust & Safety
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
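
The restart decision described in the quoted proposal, sketched as an added example (not code from the thread, the explainer, or any browser). The function names, the lowercase header keys, the `blockedHints` policy list, the single-restart limit and the requirement that a critical hint also appear in Accept-CH are assumptions made for illustration. It shows the "did not send but would not block sending" condition: a hint the browser withholds never triggers a restart.

```javascript
// Parse a comma-separated hint list such as "Sec-CH-UA-Model, DPR".
// Simplified: real header values are structured-field lists of tokens.
function parseHintList(value) {
  if (!value) return [];
  const names = value.split(",").map(t => t.trim().toLowerCase()).filter(Boolean);
  return [...new Set(names)];
}

// responseHeaders: object with lowercase header names (assumed shape).
// sentHints: hint names carried by the request that produced this response.
// blockedHints: hints this browser refuses to send to this origin
//   (hypothetical policy input: privacy setting, fingerprinting mitigation).
// alreadyRetried: true if this request is itself a Critical-CH restart.
function decideRetry(responseHeaders, sentHints, blockedHints, alreadyRetried) {
  const acceptCh = parseHintList(responseHeaders["accept-ch"]);
  const criticalCh = parseHintList(responseHeaders["critical-ch"]);
  const sent = new Set(sentHints.map(h => h.toLowerCase()));
  const blocked = new Set(blockedHints.map(h => h.toLowerCase()));

  // Preferences to store: what the server asked for, minus what is withheld.
  const storedPrefs = acceptCh.filter(h => !blocked.has(h));

  // Critical hints that were not sent AND that the browser would not block.
  // Assumption: a critical hint only counts if it is also in Accept-CH.
  const missing = criticalCh.filter(
    h => acceptCh.includes(h) && !sent.has(h) && !blocked.has(h)
  );

  // Assumption: restart at most once, so a server that keeps asking
  // cannot put the client into a request loop.
  const retry = missing.length > 0 && !alreadyRetried;
  return { retry, storedPrefs, retryHints: retry ? storedPrefs : [] };
}

// Constructed sample response headers for trying the function.
const sampleHeaders = {
  "accept-ch": "Sec-CH-UA-Model, DPR",
  "critical-ch": "Sec-CH-UA-Model",
};
```
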