AMP pages are beautiful, but links to AMP pages? Not so much ...
Until today! Signed exchanges are here: now you can get instant loading for AMP on your own domain!
#AMPConf pic.twitter.com/OSEcKDc3A5
Replying to @AMPhtml
Really unsure about this... If I package something I later regret, what's the solution? Certificate revocation?
1 reply 0 retweets 0 likes -
Replying to @dominiccooney @AMPhtml
Depends on the actual concern. Do you have a more concrete scenario?
1 reply 0 retweets 0 likes -
Replying to @KenjiBaheux @AMPhtml
Say I find out my packaged site has some security vulnerability... There's some new CSP I want to opt into; I want to tighten X-Frame-Options; I forgot to check an onmessage origin; etc.
2 replies 0 retweets 0 likes -
Replying to @dominiccooney @AMPhtml
With a whole Web Packaging angle, it's still early days (discussion over wicg/WebPackaging would be useful). For Signed Exchange, we currently only support main resource loading, see https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-05#section-6.3 … for some recommendations
1 reply 0 retweets 2 likes -
What @KenjiBaheux said; for folks not into reading drafts:
- SXG are only for public content
- Timeouts are low-ish (7 days, IIRC). This is a point of discussion (cc @jyasskin); feedback welcome!
- Signing is totally opt-in! If you want live path to server, don't package
1 reply 0 retweets 3 likes -
Replying to @slightlylate @KenjiBaheux and
The "only for public content" thing is a red herring. If there's a vulnerability, then access to the origin is at stake (for example cookies.) Unless it's only for sites with *only* public content?
1 reply 0 retweets 1 like -
Replying to @dominiccooney @slightlylate and
I opened https://github.com/WICG/webpackage/issues/376 … to discuss solutions for purging. There are some tradeoffs there between recency and privacy, but I think we can make an opt-in so that publishers can weigh in on the right choice for them /cc @jyasskin
1 reply 0 retweets 2 likes -
Replying to @yoavweiss @slightlylate and
Interesting stuff, t.y. for the pointer. This is a brave new world ripe with possibilities.
1 reply 0 retweets 2 likes -
Replying to @dominiccooney @yoavweiss and
Note that cookies aren't allowed headers in SXG. It's really, really for public content
2 replies 0 retweets 0 likes
(sorry for the slow reply, had missed your tweet, @dominiccooney)