Would this mean you would have to use the same origin for all content (what about fonts?)
Replying to @wycats @littlecalculist
Wouldn't need to be same-origin only, but all cookies, caches, etc. etc. would be effectively double-keyed. E.g.: `Content-Security-Policy: sandbox-storage; ...`
Replying to @slightlylate @littlecalculist
What would the effect of the double-keying be?
Replying to @wycats @littlecalculist
A big one would be that iframes of your origin outside of top-level loads would not include any of the state the user added in top-level navigation contexts.
I.e., the end of XSRF.
Replying to @slightlylate @littlecalculist
If it only affects credentialed content, BRING IT FUCKING ON
Replying to @wycats @littlecalculist
Would be all content. Why the credentialing difference?
Replying to @slightlylate @littlecalculist
Yehuda Katz 🥨 Retweeted Alex Russell
https://twitter.com/slightlylate/status/983406442303471616 … I thought this implied that the "missing content" would be ~ credentials. What other state is important here?
Replying to @wycats @littlecalculist
All state would be unshared between the "isolated world" instances of an origin and the "regular world" ones. Service Worker registrations, cookies, other sorts of storage, etc.
Replying to @slightlylate @littlecalculist
This sounds great, and probably needed for AMP-like prefetching to support the modern web well?
Privacy-preserving prefetch can be handled via Web Packaging (https://github.com/WICG/webpackage) w/o this, but I'd sure like to have this in the arsenal of tools for other problems.
Replying to @slightlylate @littlecalculist
How does privacy-preserving prefetch support Service Worker via Web Packaging? If that problem's been worked out, great!