From ec059e9718e28c0f04a01dd2190af78456ee2ba9 Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Fri, 17 Feb 2023 09:28:18 -0500 Subject: [PATCH] Remove Client Hints Infra hard-coded anchors (#332) They're all exported at this point. Also, adds one new anchor for Permissions, to be worked out in #331. --- index.bs | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/index.bs b/index.bs index cff5053..8ea9963 100644 --- a/index.bs +++ b/index.bs @@ -39,16 +39,12 @@ urlPrefix: https://tools.ietf.org/html/rfc8941; spec: rfc8941 text: serializing a list; url: #section-4.1.1 type: abstract-op text: serialize Structured Header; url: #section-4.1 -urlPrefix: https://wicg.github.io/client-hints-infrastructure/ - type: dfn - text: low entropy hint table; url: #low-entropy-hint-table - text: client hints token; url: #client-hints-token - text: client hints fetch integration; url: #fetch - text: policy controlled client hints features; url: #policy-controlled-client-hints-features - text: append client hints to request; url: #abstract-opdef-append-client-hints-to-request urlPrefix: https://tc39.es/ecma262/ type: dfn text: current realm; url: #current-realm +urlPrefix: https://w3c.github.io/permissions/ + type: dfn + text: permission task source; url: #dfn-permissions-task-source urlPrefix: https://w3c.github.io/fingerprinting-guidance/ type: dfn text: passive fingerprinting; url: #dfn-passive-fingerprinting 
@@ -512,7 +508,7 @@ To return the `Sec-CH-UA` value for a request, perform th Note: Unlike most Client Hints, since it's included in the [=low entropy hint table=], the `Sec-CH-UA` header will be sent by default, whether or not the server opted-into receiving the header via an `Accept-CH` header (although it can still be controlled by it's -[=policy controlled client hints feature=]. +[=policy-controlled client hints feature=]. It is considered low entropy because it includes only the [=user agent=]'s branding information, and the significant version number (both of which are fairly clearly sniffable by "examining the structure of other headers and by testing for the availability and semantics of the features @@ -603,7 +599,7 @@ The header's ABNF is: Note: Like `Sec-CH-UA` above, since it's included in the [=low entropy hint table=], the `Sec-CH-UA-Mobile` header will be sent by default, whether or not the server opted-into receiving the header via an `Accept-CH` header (although it can still be controlled by its -[=policy controlled client hints feature=]). It is considered low entropy because it is a single +[=policy-controlled client hints feature=]). It is considered low entropy because it is a single bit of information directly controllable by the user. The 'Sec-CH-UA-Model' Header Field {#sec-ch-ua-model} @@ -638,7 +634,7 @@ The header's ABNF is: Note: Like `Sec-CH-UA` above, since it's included in the [=low entropy hint table=], the `Sec-CH-UA-Platform` header will be sent by default, whether or not the server opted-into receiving the header via an `Accept-CH` header (although it can still be controlled by its -[=policy controlled client hints feature=]). +[=policy-controlled client hints feature=]). The 'Sec-CH-UA-Platform-Version' Header Field {#sec-ch-ua-platform-version} ---------------------------------- 
@@ -985,7 +981,7 @@ Client Hints will be delegated from top-level pages via Permissions Policy delivered along with subresource requests, which reduces the potential for [=passive fingerprinting=]. -That delegation is defined as part of [=append client hints to request=]. +That delegation is defined as part of [$append client hints to request$]. Fingerprinting {#fingerprinting} --------------
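Review bot: in the anchors hunk (@@ -39,16 +39,12 @@), the new Permissions entry pairs the text `permission task source` with the fragment `#dfn-permissions-task-source`, singular in one and plural in the other. Since the commit message says this anchor is still to be worked out in #331, check the term against the target spec's definition and add a comment beside the entry pointing at #331, so the hard-coded anchor is dropped once the term is exported. None of the other hunks in this patch reference the new term, so it is also worth confirming where it is used.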
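Review bot: in the `Sec-CH-UA` note (@@ -512,7 +508,7 @@), the rewritten line `[=policy-controlled client hints feature=].` still lacks the closing parenthesis for the parenthetical opened on the line above it. The matching lines in the `Sec-CH-UA-Mobile` and `Sec-CH-UA-Platform` notes end in `=]).`. Suggest `[=policy-controlled client hints feature=]).` here and, while touching this note, changing "by it's" on the preceding context line to "by its".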
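Review bot: in the last hunk (@@ -985,7 +981,7 @@), the reference changes from a dfn link `[=append client hints to request=]` to an abstract-op link `[$append client hints to request$]`, which the commit message does not mention. The removed hard-coded anchor declared the term under `type: dfn` with the fragment `#abstract-opdef-append-client-hints-to-request`, so the new form depends on the term being exported as an abstract-op. A line in the commit message saying so, along with the `policy controlled` to `policy-controlled` link-text rename in the three header notes, would make the change easier to audit.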