Current State of Permission Prompt? #110
Comments
|
Thanks for reaching out! We are currently planning to start the origin trial on Chrome M117 (branch on Aug 8, 2023, stable release on Sep 12, 2023) |
|
I have more questions... Why are you imposing so much work on tens of thousands of developers in the world? Can you please check whether the following code is what developers are supposed to be doing to adjust fetch requests? /* jshint module: true */
// Implementation according to
// - https://docs.google.com/document/d/1AvmBr14fBx1N1wVbuCMYJF4Oaix6ILWrt60jufoAVeI/edit
// - https://github.com/WICG/private-network-access
// - https://github.com/WICG/private-network-access/blob/master/permission_prompt/explainer.md
function getAddressSpace(host) {
try {
const octets = host.split('.').map(Number);
if (octets.length !== 4 || octets.some(octet => isNaN(octet) || octet < 0 || octet > 255)) {
return null;
}
if (octets[0] === 10) {
return 'private';
}
if (octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31) {
return 'private';
}
if (octets[0] === 192 && octets[1] === 168) {
return 'private';
}
if (octets[0] === 127) {
return 'local';
}
if (octets[0] === 100 && octets[1] >= 64 && octets[1] <= 127) {
return 'private';
}
if (octets[0] === 198 && octets[1] >= 18 && octets[1] <= 19) {
return 'local';
}
if (octets[0] === 169 && octets[1] === 254) {
return 'private';
}
return null;
} catch (e) {
console.error(e.message);
return null;
}
}
function adjustFetchOptions(url, options) {
if (!self.isSecureContext) {
return;
}
const urlObj = new URL(url);
const host = urlObj.hostname;
const protocol = urlObj.protocol;
if (protocol !== 'http:') {
return false;
}
const addressSpace = getAddressSpace(host);
if (!addressSpace) {
return;
}
options.targetAddressSpace = addressSpace;
}
export default { adjustFetchOptions: adjustFetchOptions }; |
|
We might want to take special treatment for IP address hosts and automatically apply Noted that we are restricting the websites which trying to talk to private network with secure context. It is not true only if the website has joined the deprecation trial. We would like to close the deprecation trial after this permission prompt proposal launched. |
|
Thanks a lot for getting back!
Ah - private DNS, understood - that was the missing bit.
That would make a lot of sense because in case of numeric/IP hosts, all developers would need to include that same code like above unnecessarily. Same reason with regards to the idea of requiring everybody to implement a serviceworker for the sole purpose of adding that fetch() option. Would it be possible to find an easier (integrated/automatic) method for cases like image loading?
Could you please clarify the "It is not true only if..." sentence? For context: Yes, we have joined the deprecation trial. It allows us to continue doing the following:
What's not working right now (no matter with or without deprecation trial) is:
But C is supposed to work in the future as a replacement for A and A won't be working anymore, when the deprecation trial ends. Everything correct so far? I assume, B will stop working either, can you confirm? |
|
Yes, C is supposed to work ad a replacement for A. We have no current plan to stop B. It is at least out of scope of Private Network Access context. FYI, the permission prompt Origin Trial has started since M120: https://developer.chrome.com/origintrials/#/view_trial/1367968386813788161 |
|
Thanks for the update. We'll jump in the origin trial once 120 is ga and report back. |
Hi @iVanlIsh, I have a few questions:
Thank you very much |
Is it supposed to work already?
I precisely followed the instructions here: https://docs.google.com/document/d/1AvmBr14fBx1N1wVbuCMYJF4Oaix6ILWrt60jufoAVeI/edit
But I see no preflight request. It's being blocked as mixed content right away (Chrome 114).
The text was updated successfully, but these errors were encountered: