Contact emails ri...@chromium.org, kou...@chromium.org
Explainer https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md Specification https://httpwg.org/http-extensions/draft-ietf-httpbis-no-vary-search.html Design docs https://docs.google.com/document/d/1RS3q6qZ7-k9CvZsDYseGOXzcdQ9fGZ6YYnaW7fTPu7A/edit Summary Enables the HTTP disk cache to use the No-Vary-Search response header to share a cache entry between URLs that differ only in the query parameters. Developers can use No-Vary-Search to specify query parameters that have no impact on the user experience. A common example might be an id used to track conversions. Supporting this header in the HTTP disk cache means that if the user later goes back to that same page without the conversion id, it can be used or revalidated from the cache rather than having to be fetched from scratch from the network. Blink component Internals>Network>Cache Motivation It's common for URLs to have query parameters that contain information that is important for technical or business reasons but doesn't change the user experience. When the same resource is fetched a second time with a different value for these parameters, it is often desirable to serve it from the HTTP disk cache rather than downloading it from the origin server again. This can improve responsiveness for the user, and save bandwidth for both the user and developer. It is possible to do this using the ServiceWorker API to build your own cache, however it is complex and comes with significant overhead. By supporting the No-Vary-Search response header, we can do the same thing easily with minimal overhead. Initial public proposal https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md TAG review https://github.com/w3ctag/design-reviews/issues/797 TAG review status Issues addressed Risks Interoperability and Compatibility No-Vary-Search is a best-effort feature, meaning that servers cannot rely on it being implemented by caches. As a result, it is quite easy to remove if not widely adopted. The main interoperability risk is that it gets widely adopted, and then other browsers implement something similar but different. That might leave us in the difficult situation of having to support two similar features, or doing a deprecation of a widely-adopted feature. Gecko: Positive (https://github.com/mozilla/standards-positions/issues/717) WebKit: No signal (https://github.com/WebKit/standards-positions/issues/106) Web developers: Positive (https://techshed.runbookdocs.com/docs/tips/6/no-vary-search) Other signals: Ergonomics This feature will usually be used in tandem with the Cache-Control, Last-Modified and/or ETag response headers that control the cachability of the response. The implementation design was carefully chosen to avoid additional disk accesses and to minimize the overhead when it is not in use. To avoid context switches, it must run synchronously on the IO thread in the network service, so high performance is essential. Activation Implementation is easy for developers who are able to customize their HTTP response headers. The most time-consuming part is determining which query parameters do not affect user-visible behavior. Developers who cannot customize their HTTP response headers will have to wait for support from the framework or hosting providers they are using. Security The feature must not expose any information to the page that it would not have had otherwise. For this reason, the implementation uses exactly the same partitioning method as the HTTP disk cache. An overly-broad setting for the No-Vary-Search response header can, in combination with other server-side bugs, lead to an attacker being able to control the content which is shown to the user. However, the risk is no worse than with existing features that permit customizing responses like ServiceWorkers. See the design document for more details. WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability Integration with DevTools is not currently planned, but may be added as a future enhancement. Is this feature fully tested by web-platform-tests? No Flag name on about://flags None Finch feature name HttpCacheNoVarySearch Requires code in //chrome? False Tracking bug https://issues.chromium.org/issues/382394774 Launch bug https://launch.corp.google.com/launch/4373880 Measurement Histogram HttpCache.NoVarySearch.UseResult collects information about what proportion of requests use a different cache entry due to No-Vary-Search. Histogram HttpCache.NoVarySearch.HeaderParseResult collects information about what proportion of response have a No-Vary-Search header. Estimated milestones DevTrial on desktop 135 DevTrial on Android 135 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (eg links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (eg, changing to naming or structure of the API in a non-backward-compatible way). None; everything in https://github.com/httpwg/http-extensions/labels/no-vary-search is editorial Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5808599110254592?gate=6523193134940160 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/67ac01fe.2b0a0220.1b0c0.02a6.GAE%40google.com.
