[Webkit-unassigned] [Bug 210184] [GTK][WPE] Enable resource load statistics

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 14 08:03:43 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=210184

--- Comment #8 from John Wilander <wilander at apple.com> ---
Sorry for dropping the ball on this. Excited to see you’re enabling ITP!

(In reply to Carlos Garcia Campos from comment #2)
> So, I have a few questions for John/Youenn/Alex:
> 
>  - What's the expected behavior of isolated sessions? They start with an
> empty cookie storage and only allow first-party? Why is there a limit of
> isolated sessions?

Isolated sessions are about the network layer below HTTP. A new session gets a new TLS connection for instance. But you can hang all kinds of things on the session to isolate it such as an individual DNS cache.

>  - There isn't HSTS tests, so I don't know what the expected behavior is
> there either. Should we downgrade requests upgraded by HSTS when cokies
> should be blocked?

Yes, when the original request is HTTP, the request will have its cookies blocked, and has been upgraded by the HSTS mechanism, downgrade back to HTTP, apply all other rules in WebKit that might again upgrade it such as Upgrade Insecure Requests or potential/future auto-upgrade of mixed content, and send out.

The reason for lack of tests is that HSTS requires real, trusted certificates and self-signed ones like the one in the test runner will not do.

>  - What API should we expose for ITP? is it enough to expose WebsiteData API
> to set stats dir, fetch/delete website data and enable/disabled ITP?
> Anything else?

If you want fine grained controls, you can offer more. I believe we offer the ability to exempt localhost for cases where a localhost server is used to create an stand-alone application with a UI rendered with web technologies.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200414/07205507/attachment-0001.htm>


More information about the webkit-unassigned mailing list