Closed Bug 1508292 Opened 6 years ago Closed 5 years ago

Implement Sec-Fetch-* (was: Sec-MetaData)

Categories

(Core :: DOM: Security, enhancement, P2)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla76
Tracking Flags:
Tracking Status
firefox76 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Depends on 2 open bugs)

Details

(Keywords: dev-doc-complete, Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1508292: Implement Sec-Fetch-*. r=baku
47 bytes, text/x-phabricator-request
Details | Review
We should consider implementing Sec-Metadata; for more info see: https://github.com/mikewest/sec-metadata
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Summary: Implement Sec-MetaData → Implement Sec-Fetch-* (was: Sec-MetaData)
Assignee: nobody → tnguyen
Depends on: 1595762
Depends on: 1596402
Assignee: tnguyen → ckerschb
Status: NEW → ASSIGNED
Priority: P3 → P2
Whiteboard: [domsecurity-backlog1] → [domsecurity-active]
Depends on: 1621987

Sorry for the backout, my mistake, I've relanded the patch.

Flags: needinfo?(ckerschb)

https://hg.mozilla.org/mozilla-central/rev/5bcb1cba1a89

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox76: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla76
Regressions: 1623400
Regressions: 1623850
Regressions: 1624914

Hey, will there be follow up work regarding the regressions or will the pref be turned off by default?

Flags: needinfo?(ckerschb)

(In reply to Andrei Oprea [:andreio] from comment #9)

Hey, will there be follow up work regarding the regressions or will the pref be turned off by default?

The pref will remain false at least until we have resolved performance impact (Bug 1623053, Bug 1623850) and also have implemented the missing spec bits, which are Sec-Fetch-User (Bug 1621987).

Flags: needinfo?(ckerschb)
Depends on: 1628605
Regressions: 1627794

The Push regressions (bug 1623400) turned out to be our push server having an implementation limit on the number of headers it expected. Adding three additional Sec-Fetch- headers exceeded that limit by one. Maybe the other regressions are similar, especially on sites that work in Chrome so we know it's not specifically Sec-Fetch- (I believe Chrome sends slightly fewer/smaller headers than we do).

Depends on: 1648825
Depends on: 1647128
Blocks: 1695911
Regressions: 1703466
Depends on: 1738694
Depends on: 1755998

FYI, replaced the dev-doc-needed with -complete: The sec-fetch-* headers are documented and BCD was updated on release of this in FF90

Keywords: dev-doc-neededdev-doc-complete
Blocks: 1813489
See Also: → 1819592
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: