From ddaaef92e60cb0a5fe743c4c2666ed14dd6850db Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Sun, 19 Mar 2023 09:09:59 +0200 Subject: [PATCH] Define preconnect and dns-prefetch with CSP See whatwg/html#9035 --- fetch.bs | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/fetch.bs b/fetch.bs index 7dc74cf3c..ca8637f01 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3027,6 +3027,78 @@ details of reused connections are not exposed and time values are coarsened. +

Preemptive connection operations

+ +
+

To preemptively obtain a connection, given an +environment settings object environment, a URL url, and a +boolean credentials, run these steps: + +

    +
  1. Let key be the result of determining the network partition key given + environment. + +

  2. +

    Check CSP for preemptive operation with environment and url. If + that returns allowed, Obtain a connection with key, url and + credentials. + +

    This connection is obtained but not used directly. It will remain in the + connection pool for subsequent use. + +

    The user agent should attempt to initiate a preconnect and perform the full + connection handshake (DNS+TCP for HTTP, and DNS+TCP+TLS for HTTPS origins) whenever possible, but + is allowed to elect to perform a partial handshake (DNS only for HTTP, and DNS or DNS+TCP for + HTTPS origins), or skip it entirely, due to resource constraints or other reasons.

    + +

    The optimal number of connections per origin is dependent on the negotiated + protocol, users current connectivity profile, available device resources, global connection + limits, and other context specific variables. As a result, the decision for how many connections + should be opened is deferred to the user agent.

    +
+
+ +
+

To preemptively resolve an origin, given an +environment settings object environment and a URL url, run +these steps: + +

    +
  1. Let key be the result of determining the network partition key given + environment. + +

  2. Check CSP for preemptive operation with environment and url. If + that returns blocked, return. + +

  3. Let proxies be the result of finding proxies for url in an + implementation-defined manner. + +

  4. +

    If there proxies is empty, or if proxies + contains "DIRECT", then resolve an origin given key + and url's origin. + +

    As the results of this algorithm can be cached, future fetches could be faster. +

+
+ +
+

To Check CSP for preemptive operation, given an +environment settings object environment, and a URL url, +run these steps: + +

    +
  1. Let request be a request whose URL is + url, initiator is "prefetch", and whose + client is environment. + +

  2. Return the result of running should request be blocked by Content Security Policy? + given request. + +

+
+ +

Network partition keys

A network partition key is a tuple consisting of a site and null or @@ -8720,7 +8792,7 @@ to discuss. [[CSP]] environment settings object you're operating in. Web-exposed APIs are generally defined with Web IDL, for which every object that implements an interface has a relevant settings object you can use. For example, a request associated with an -element would set the request's client to the element's +{{Element}} would set the request's client to the element's node document's relevant settings object. All features that are directly web-exposed by JavaScript, HTML, CSS, or other {{Document}} subresources should have a client.
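Review bot: In the first hunk (@@ -3027), "Check CSP for preemptive operation" builds a request with initiator "prefetch" and no destination and hands it to "should request be blocked by Content Security Policy?", which leaves it implicit to the reader which directive actually gates preconnect and dns-prefetch; someone reading "preemptively obtain a connection" would expect connect-src, so the prose should state the directive consulted (CSP's effective-directive lookup maps a "prefetch" initiator to default-src). Wording slips in the same hunk: step 4 of "preemptively resolve an origin" reads "If there proxies is empty, or if proxies contains "DIRECT"" and should be "If proxies is empty, or if proxies contains "DIRECT""; step 2 of "preemptively obtain a connection" capitalizes a verb mid-sentence ("If that returns allowed, Obtain a connection with key, url and credentials"); and "users current connectivity profile" in the note wants "user's". The algorithm name "Check CSP for preemptive operation" is also capitalized, unlike the surrounding lowercase algorithm names ("obtain a connection", "resolve an origin"); "check CSP for a preemptive operation" would match the file's convention.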
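Review bot: The second hunk (@@ -8720), which replaces "element" with "{{Element}}" in the paragraph explaining how a request's client is chosen, is unrelated to the preconnect/dns-prefetch change the commit message describes ("Define preconnect and dns-prefetch with CSP"); either drop it from this patch or mention it in the commit message so the one deletion in the diffstat is accounted for. If it stays, confirm the {{Element}} autolink resolves in fetch.bs the same way the neighbouring {{Document}} reference does.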