[blink-dev] Intent to Prototype: User-Agent Client Hints "ch-ua-high-entropy-values" permissions policy

Wed, 02 Apr 2025 16:42:47 -0700 

****


       *Contact emails*

***

miketa...@chromium.org


       Explainer

See Motivation below.


       Specification
https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values <https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values> 


       Summary
Adds support for a 'ch-ua-high-entropy-values' permissions policy that enables a top-level site to restrict which documents are able to collect high-entropy client hints via the navigator.userAgentData.getHighEntropyValues() JS API. 


       Blink component
Blink > Network > ClientHints <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%20%3E%20Network%20%3E%20ClientHints%22> 


       Motivation
Currently it's only possible to restrict third-party collection of high-entropy User-Agent Client Hints when they're requested over HTTP (via the various permissions policies associated with each Client Hint, i.e.,https://wicg.github.io/client-hints-infrastructure/#policy-controlled-features <https://wicg.github.io/client-hints-infrastructure/#policy-controlled-features>).
The permissions policy proposed by this change allows a first-party site to have more control over which third parties are allowed to request high-entropy client hints via the getHighEntropyValues() JS API, which could be deployed alongside the other permissions policies. 


       Initial public proposal
https://github.com/WICG/ua-client-hints/issues/151#issuecomment-783668130 <https://github.com/WICG/ua-client-hints/issues/151#issuecomment-783668130> 


       Interoperability and Compatibility
Gecko: Neutral. :mt had previously commented <https://github.com/mozilla/standards-positions/issues/533#issuecomment-850030856>that new UA-CH features should defer to their official position.
WebKit: Not requested yet. But the initial issue <https://github.com/WICG/ua-client-hints/issues/151>that prompted this feature was filed as feedback from WebKit.
Web developers: Informal support from a conversation with a developer working on a privacy-focused search engine who was interested in this feature. 


       WebView application risks

Nothing special here


       Is this feature fully tested by web-platform-tests
       
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?

Yes, WPTs will be added


       Flag name on about://flags

None


       Finch feature name

ClientHintUAHighEntropyValuesPermissionPolicy


       Requires code in //chrome?

False


       Tracking bug
https://issues.chromium.org/issues/385161047 <https://issues.chromium.org/issues/385161047> 


       Launch bug
https://launch.corp.google.com/launch/4366844 <https://launch.corp.google.com/launch/4366844> 


       Estimated milestones

No milestones specified



       Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6176703867781120?gate=4953839037579264 <https://chromestatus.com/feature/6176703867781120?gate=4953839037579264> 

*

--
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d302cc34-870b-4978-a583-4918ee1631c0%40chromium.org.

Reply via email to