-
Notifications
You must be signed in to change notification settings - Fork 24
Prefetch and double-key caching #82
Comments
Prefetch makes most sense for navigation loads so it might be best to focus on this specific scenario.
|
Thanks @youennf, I think this is a pretty good/clear proposal to start with. Hoping that we can discuss more at TPAC but giving some quick thoughts here too:
To clarify, do we even want to avoid going with credentials=same-origin?
Have been thinking about this a while, but I think this makes a lot sense at least to start with. (One interesting option @wanderview mentioned off-thread is to skip service workers for prefetch but use the prefetch as NavigationPreload for the service worker when the real navigation occurs. I actually like this idea but given that NavigationPreload is not yet widely supported we can put off considering this further)
Agreed, and I believe this is currently spec'ed.
Sounds sensible to me. One related question is if spec helps prefetches for top-level navigations be distinguishable from others (so that UAs can make better decisions). One way is to use |
Agreed we should tackle this. Also, in the case of prefetch, it is not clear how it is interacting with the fetch spec, its browsing context, if it is attached to a browsing context, whether it should be cancelled or kept alive when the context goes away... |
I'm concerned that this will trigger cases of double download in scenarios where the SW is e.g. modifying the request for a navigation request. At the same time, this seems necessary for privacy protection - otherwise the destination SW can leak the fact that the prefetch happened.
Agree we need to better specify how prefetch relates to Fetch, how the prefetched resources are cached, etc. |
👍 to the above. As a brief aside, I'd actually propose we pull out prefetch from RH into a standalone spec doc, or spec it directly in Fetch.. WDYT? |
Specifying a processing model that tied directly into HTML's |
That's actually not true. We need to introduce the concept of a "speculative fetch" and the concept of a "prefetch cache" that would not be partitioned. |
Most of this makes sense to me, however I'm wondering if someone could clarify the following:
/cc @yutakahirano |
Yes, that is the intention. The principle is to emulate a navigation load which redirect mode is manual.
credentials should be same-origin.
I would tend to disregard the crossorigin attribute. |
Is the current proposal entirely clear though? I think you're saying it is clear that a redirect response in the prefetch cache should be matched if it is the first one, but maybe not otherwise. Is there a reason that matching the first one is more appealing/obvious than later ones in the chain?
Sounds good to me.
Also sounds good to me. I think another question is: What should we do when we ignore those attributes? Cancel the request? Or optionally throw a console warning indicating some attributes have been disregarded, and continue as usual? @yutakahirano prefers cancelling the request, but seems worth discussing as I think it will need reflected in the spec. |
In that case can we use "error" redirect mode? Redirect starts in https://fetch.spec.whatwg.org/#http-fetch, after storing the response into the cache in https://fetch.spec.whatwg.org/#http-network-or-cache-fetch, so I think you will get what you want with "error" redirect mode. I prefer using "error" because it's simpler and easier to understand. |
Apologies for weighing in late, but I'm not sure I fully understand all the rationale here. Do we have any data on how prefetch is used (subresource vs navigation; same-origin vs cross-origin) today? I suppose google.com still uses it for navigations? (I see you all are focused on navigations, but https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ advocates using it for subresources afaict, so it'd be good to have some data.) If the user navigated to the prefetched resource before, it's highly likely they'll get a better experience if cookies are included. Does the proposed setup make sense for a majority of resources or do we end up with a lot of cache mismatches (nobody sets (Bypassing the service worker seems problematic as the service worker is no longer in control of some of the document's network traffic, making it less reliable. This is already true to some extent, but I'm not a big fan of continuing to carve out small exceptions.) |
@annevk we're working on gathering more data. google.com uses it both for subresources and navigations but we're communicating that x-origin subresource prefetch won't be able to work with double-keyed caching (at least until we come up with a workable, privacy-preserving solution). I can imagine that cookieless navigation part can be debatable, while the site that triggers prefetch can also only do so for the pages that will unlikely need cookies. |
That would make it really hard to use the feature correctly though. |
Just to be clear on the data collection bit: right now Chrome is only measuring how many prefetches redirect, to estimate how serious impactful changing the redirect mode would be. We're not sure how to accurately measure the impact of credentials (especially since as we've mentioned, |
I see, the main problem is credentials (or cross-origin navigations) though... Our current plan in Firefox is to use the top-level origin as additional key for this cache, at which point it'll be mostly useless for a number of scenarios. One of the things we're considering is dropping support. I'm curious to know though if @youennf has found that Safari's approach has measurable benefits. |
I understand it that prefetch is for navigations, preload for subresources.
Safari implementation is experimental and incomplete at the moment. In general, cross-site tracking protection will probably continue increasing the cost to do cross-site navigation. It would be nice to have some safe ways to mitigate these costs. In terms of scenarios, search engines come to mind. Web packaging has a similar constraint so the same scenarios might apply.
As long as a resource is cacheable by intermediaries, it should be safe to prefetch it. Or am I too optimistic? I agree it makes the feature harder to use, although I think the whole feature is quite hard to use with or without this restriction. |
To be clear, I'm not sure what Safari's approach is. I assumed it to be #82 (comment), but maybe it's something not stated in this thread? |
This CL renames the PrefetchRedirectError flag to PrefetchPrivacyChanges so the flag can be generalized to encapsulate more privacy-preserving changes proposed in [1]. Also implements the usage of kNoReferrer referrer policy when the privacy changes flag is enabled. A LinkLoader unit test is added to test that the referrer policy is set and persists correctly. It is likely too early to invest in WPTs for this change, since standards discussion must take place before we can determine this is the correct way forward. [1]: w3c/resource-hints#82 R=kinuko@chromium.org, yhirano@chromium.org Bug: 988956 Change-Id: Id01771a1c077b0e018b311983e2d198733fec23b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1781303 Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Dominic Farolino <dom@chromium.org> Cr-Commit-Position: refs/heads/master@{#693033}
Reg: credentials and (cross-origin) navigations, one option we thought of is to add an opt-in http header for the target site to explicitly express that "making uncredentialed prefetches and navigations to this site is okay", say, Thinking about this space a bit further I suspect we'll need the similar restrictions (like being uncredentialed) for any cross-origin speculative loading, e.g. As youenn mentioned these features are always anyways a bit hard to use, but it could be still useful to accelerate navigations if used appropriately. I think it'd be worth exploring the most plausible design that could work with reasonable trade-offs. |
That could work, but at that point I wonder whether we should use a new opt-in keyword as well (and drop the current feature) as everything currently annotated as prefetch won't have that and would result in a redundant fetch and cache miss. |
Discussed at the WebPerfWG F2F: For compat and confusion avoidance reasons, it would make sense to define a new keyword. @achristensen07 suggested "prenavigate" which seems like a good option. /cc @ericlaw |
Some of us also discussed this in a breakout discussion during TPAC on Friday (@annevk, @youennf, @yoavweiss, @domfarolino, @yutakahirano, @jyasskin, @bslassey, @kinu and some others were there), and here's a quick summary: For cross-origin prenavigate, one of the concerns is always requiring an opt-in header will likely limit the adoption. As an alternative approach the following two-paths approach (instead of opt-in only solution) was discussed:
In either case the prenavigate request itself will be always sent without credentials, and nothing should be observable if the response is not used (i.e. no credentials changes are committed, no onerror/onload should be propagated). One of the concerns was that Fetch spec integration could be a bit tricky, and one option that was discussed was to introduce a new credentials mode like Next step:
|
Could you also write down the proposed model for |
Let me try. For
Reg: whether we want to keep it around, or can it be just
(While, I started to feel that the difference between prefetch and preload might look more subtle now) |
I guess the other question is how this integrates with Fetch as the above models don't make everything clear. Does |
My understanding is that we are proposing keeping around prefetch (for same-origin optional prefetches) and introducing prenavigate as a form of prefetch which is always sent without credentials. Is that correct? For what it's worth, I and other JavaScript library authors who rely on prefetch (for Quicklink, instant.page and Flying Pages) would like to avoid renaming it for the same-origin use-case if possible. It also appears there's reasonable usage of prefetch in the wild.
+1 to more clearly defining this part of the prefetch model. |
That's my understanding as well, which means most existing prefetch (for same-origin) can stay as is.
Assuming that
|
Sorry to jump in here as a non-expert, but can I ask: Would <link rel="prenavigate" href="https://embed.jsbin.com/abc123" as="document"> So it can start loading the document that will be put in the iframe embed right at the moment the main page (with the code editor interface) begins loading, rather than having to wait for the main page to render and thus loading the main page and the embed in a serial manner. Is this a use case covered by |
No, prenavigate would load https://embed.jsbin.com/abc123 as if it were navigated to in the main frame, and its resources would be cached in the partition of embed.jsbin.com, which would be unavailable for use by a page with the main frame on a different domain. Preload would be used for resources intended to be used from pages in the current partition. |
@achristensen07 Ahh, okay, thank you. So I guess for that use case I'd need to wait for preload |
See #86 (comment) for action plan |
As per #86 (comment), |
See previous comment. |
Moving a private discussion with @kinu and @igrigorik to a public forum
#78 raised questions regarding which origin should a navigation prefetch be tied to in terms of service workers.
Similar questions also arise when thinking about prefetch and double key caching.
Let's say host A is prefetching a linked document from host B.
If we were to consider A as the origin used as the secondary key for the document, when the user were to navigate to B, the resource won't be used, another would be downloaded instead, resulting in slower experience and sadness.
So, it probably makes sense to consider B the double-key origin for the prefetched document, when double-keying is applied.
The plot thickens when talking about prefetching subresources. If they are same origin as the document that will use them, then we can consider caching them similarly to documents, using their origin as the secondary key. But if they are cross-origin, we'd need to explicitly state which document/origin they are prefetched for. Not sure that's worth the complexity though.
Thoughts?
/cc @wanderview @cdumez @youennf
The text was updated successfully, but these errors were encountered: