You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Priority Hints API gives developers the ability to signal to browsers the priority in which resources ought to be downloaded. Having a parametric policy would simplify implementation and could itself act as a priority signal.
Although parameterized features help provide further control - not providing granular enough control is concerning as developers would only be able to set priorities based on browsing contexts and not per content-type or preferably per resource: Feature-Policy: importance 'self'(high) - indicating all resources from the site to be of high priority.
The above is somewhat salvageable by either having the importance policy separated into multiple policy names: image-importance, script-importance, frame-importance etc. - which probably doesn't win over any fans, or if parametric policies would allow for e.g: importance 'self'(style: high; frame: low; img: auto);
But unless parametric policies are able to effectively target a specific resource, e.g. element #id's (seems like a security issue to me if applicable to some other policies), a policy wouldn't help developers accomplish what priority hints intend to do - which is fine grained control per-resource basis.
With that said, I think priority hints as a policy should at least be considered.
The text was updated successfully, but these errors were encountered:
clelland
transferred this issue from w3c/webappsec-permissions-policy
Dec 1, 2020
The Priority Hints API gives developers the ability to signal to browsers the priority in which resources ought to be downloaded. Having a parametric policy would simplify implementation and could itself act as a priority signal.
Although parameterized features help provide further control - not providing granular enough control is concerning as developers would only be able to set priorities based on browsing contexts and not per content-type or preferably per resource:
Feature-Policy: importance 'self'(high)- indicating all resources from the site to be of high priority.The above is somewhat salvageable by either having the
importancepolicy separated into multiple policy names:image-importance,script-importance,frame-importanceetc. - which probably doesn't win over any fans, or if parametric policies would allow for e.g:importance 'self'(style: high; frame: low; img: auto);This type of fine grained control is obviously a question for the issue about parameterized features (w3c/webappsec-permissions-policy#163).
But unless parametric policies are able to effectively target a specific resource, e.g. element
#id's (seems like a security issue to me if applicable to some other policies), a policy wouldn't help developers accomplish what priority hints intend to do - which is fine grained control per-resource basis.With that said, I think priority hints as a policy should at least be considered.
The text was updated successfully, but these errors were encountered: