Add browsing-topics to Permissions-Policy header
#323
Conversation
LeoColomb
changed the title
browsing-topics to Permissions-Policy header
|
Thanks for opening this PR @dmarti. For these reasons, I believe your proposal is too early, thus I'm closing. |
|
@LeoColomb Thank you, just wanted to share a quick update: "Topics API" is now scheduled to be pushed out to all Google Chrome users in mid-2023. See h5bp/server-configs-apache#340 |
|
I believe it would be more beneficial to keep this pull request and future ones open rather than closing them. While it may be considered premature to merge an experimental feature, keeping a PR open and visible to the community allows for more input and contributions from those who may not be aware of a new feature. Additionally, closed PRs may not receive as much attention from potential contributors or those interested in providing input. |
|
@LeoColomb Another update on the status of "Topics API". As a growing percentage of Google Chrome installs are supporting this, third-party scripts are starting to call this API -- including new versions of existing scripts. So it is possible that a site maintainer with no knowledge of this API is already having their users' data collected by a script they installed in order to do something else. Unfortunately, this header will be needed to protect a site's Google Chrome users from having their info collected -- if the site uses any third-party scripts or iframes. (It's not necessary for a site with only first-party content, or with audited third-party content and SRI) Info on rollout of Topics API: https://developer.chrome.com/docs/privacy-sandbox/topics/latest/ |
|
Looks good @dmarti. Is the content still up-to-date? |
Google is currently testing "Topics API," a new proposal for transferring user interests among sites, currently up to about 5% of Google Chrome users ( https://groups.google.com/a/chromium.org/g/blink-dev/c/Vi-Rj37aZLs/m/wzeBWfxxEgAJ ) This may be appropriate for some ad-supported sites, or sites that run landing pages for ads, but can present risks to users in other contexts. Probably safest to set this header to opt out and then let the site administrator change it if they want to use "Topics API" and understand the compliance and security consequences. There is an existing opt-out for WordPress that does both this and the earlier FLoC system: https://roytanck.com/2021/04/15/opt-out-of-floc-on-your-wordpress-website/
|
@LeoColomb Yes, the content is up to date, thank you. |
|
@LeoColomb thank you, and thank you for handling h5bp/server-configs-apache#340 as well |
Google is currently testing "Topics API," a new proposal for transferring user interests among sites, currently up to about 5% of Google Chrome users ( https://groups.google.com/a/chromium.org/g/blink-dev/c/Vi-Rj37aZLs/m/wzeBWfxxEgAJ )
This may be appropriate for some ad-supported sites, or sites that run landing pages for ads, but can present risks to users in other contexts. Probably safest to set this header to opt out and then let the site administrator change it if they want to use "Topics API" and understand the compliance and security consequences.
There is an existing opt-out for WordPress that does both this and the earlier FLoC system: https://roytanck.com/2021/04/15/opt-out-of-floc-on-your-wordpress-website/