Deferred fetching #1647
Deferred fetching #1647
Conversation
There was a problem hiding this comment.
- "inactive timeout" -> "deferred delay". At least that seems clearer to me.
- I think
fetchLaterwas quite nice in that it sorts the same asfetch.fetchDeferredcould also work, though is a bit harder to spell. I don't think we need request in the name. - It's not clear how the name fetch group states get activated. That needs some kind of additional PR against HTML I suppose?
- I think we should describe the API in the same section as the fetch method. Could be called "Fetch methods" then.
- Deferred fetching itself could then precede the "Fetch API" section. Maybe it could even be a subsection of "Fetching" though I don't mind a new top-level section.
But this is deferred delay specifically in the case of inactivity. "inactivity deferred delay"?
I was thinking about "what are we doing right now?" which is requesting/scheduling a deferred fetch for later. But
Yes, HTML would activate/deactivate in the BFCache code path. Need to prepare a PR for that but wanted to see that I'm on the right track first.
Will do
OK |
|
cc @mingyc @fergald @yoavweiss @clelland latest API shape proposal for PendingBeacon |
Another note about "origin" of a beacon request: there were some previous discussion about using 3P storage partitioning key (not origin, which is stricter) to decide whether pending beacon requests in a page are sendable or not in terms of privacy concern, see WICG/pending-beacon#30 (comment) and comments there below. I am not sure how this should be spec. |
OK, perhaps the 64kb constraint can be per network partition key rather than origin. |
There was a problem hiding this comment.
Thank you noamr@! I've added some last comments. And also added the missing features from the original proposal belows. Please let us know if they are suitable here.
- It is suggested to allow only secure requests for new API in Do we want to enforce HTTPS request? WICG/pending-beacon#27. Should we enforce HTTPS-only requests on
fetchLater()? - Should this spec mention [Permission Policy]https://www.w3.org/TR/permissions-policy/? In [Fetch-Based API] Permissions Policy WICG/pending-beacon#77, the suggestion is to allow the API by default. But we might want to provide a way to manage 3rd party iframe's usage.
- Consider to support retry mechanism WICG/pending-beacon#40 Should this spec mention retry when
fetchLater()fails to send/commit? - The original PendingBeacon proposal also includes Crash recovery WICG/pending-beacon#34, not sure how it can be incorporated into fetch spec.
Probably a good idea, from the point of view of enabling new features only for secure requests.
I don't think we should integrate with permission policy. But we should allow the user agent to deny a
Perhaps consider adding this later?
I don't think that changes anything in the spec. |
@noamr Following up on the sendable beacon discussion: As mentioned in WICG/pending-beacon#30 (comment), there were discussions around whether a beacon (or deferred request) should be sent when network changes. I tried to summarize them in [this PR](WICG/pending-beacon@feb3cf9, but basically to process a beacon request when BackgroundSync is off, we need to see if another open document (tab/frame/etc) with the same storage partitioning key as the current document's one, to avoid unexpected sending the request after network changes. Do you think the above makes sense to be integrated into Fetch spec? |
The logic for deferred fetching (the `fetchLater` function), as defined in the fetch spec, specifies a "quota" which is shared with between a document and its direct same-origin descendants. For this logic to work in a secure way, the quota needs to be: - reserved when a frame-initiated navigation starts. This way, the container document can only reserve quota based on URLs it knows it navigates to. - freed if the document ends up being same origin with its container, upon document creation. This ensures quota is handled correctly in the case of redirects. This PR adds those two calls: - Call "reserve" on navigation, based on `sourceDocument`. - Call "potentially free" on document creation. Depends on whatwg/fetch#1647, where the quota logic itself is defined.
|
@annevk any chance you could look at this soon? |
fetch.bs
Outdated
| <pre><code> | ||
| + https://me.example.com with Permissions-policy: deferred-fetch=(self "https://ok.example.com") | ||
| | (See below for quota) | ||
| | | ||
| + ---- + https://me.example.com | ||
| | | Shares quota with the <a for=/>top-level traversable</a>, as they're same origin. | ||
| | | | ||
| | + ---- + https://x.example.com | ||
| | 8 kibibytes. | ||
| | | ||
| | | ||
| + ---- + https://x.example.com | ||
| | 8 kibibytes. | ||
| | | | ||
| | + https://me.example.com | ||
| | 0. Even though it's same origin with the <a for=/>top-level traversable</a>, it does not | ||
| | automatically share its quota as they are separated by a cross-origin intermediary. | ||
| | | ||
| + ---- + https://ok.example.com/good | ||
| | | 64 kibibytes, granted via the "{{PermissionsPolicy/deferred-fetch}}" policy. | ||
| | | | ||
| | + ---- + https://x.example.com | ||
| | 0. Only documents with the same origin as the <a for=/>top-level traversable</a> can | ||
| | grant the 8 kibibytes based on the "{{PermissionsPolicy/deferred-fetch-minimal}}" policy. | ||
| | | ||
| + ---- + https://ok.example.com/redirect, navigated to https://x.example.com | ||
| | 0. The reserved 64 kibibytes for https://ok.example.com are not available for https://x.example.com. | ||
| | | ||
| + ---- + https://ok.example.com/back, navigated to https://me.example.com | ||
| Shares quota with the <a for=/>top-level traversable</a>, as they're same origin. | ||
| </code></pre> |
There was a problem hiding this comment.
I don't think this is accessible so I don't think we can include this as-is.
There was a problem hiding this comment.
Fixed to use nested ul and li.
fetch.bs
Outdated
| </div> | ||
|
|
||
| <div algorithm> | ||
| <p>To get the <dfn>deferred-fetch control document</dfn> of a {{Document}} <var>document</var>: |
There was a problem hiding this comment.
Here it should be {{Document}} object for instance.
There was a problem hiding this comment.
I think all of them should be <a for=/>document</a> actually, why should this one be a {{Document}} object?
Squashed and addressed all the comments. |
|
|
||
| <li><p><a data-lt="process a deferred fetch">Process</a> <var>deferredRecord</var>. | ||
| </ol> | ||
| </li> |
| <a for=request>URL</a>, <a lt="URL serializer">serialized</a> with | ||
| [=URL serializer/exclude fragment=] set to true. | ||
|
|
||
| <li><p>Increment <var>totalRequestLength</var> by the <a for=string>length</a> of |
There was a problem hiding this comment.
| <li><p>Increment <var>totalRequestLength</var> by the <a for=string>length</a> of | |
| <li><p>Increment <var>totalRequestLength</var> by the <a for=string>length</a> of |
| <ol> | ||
| <li><p>Let <var>totalRequestLength</var> be the <a for=string>length</a> of <var>request</var>'s | ||
| <a for=request>URL</a>, <a lt="URL serializer">serialized</a> with | ||
| [=URL serializer/exclude fragment=] set to true. |
There was a problem hiding this comment.
I don't think this will get the correct formatting. It needs to use <i><a> iirc.
| pool of 640 kibibytes. | ||
|
|
||
| <p>Out of the allocated quota for a <a for=/>document</a>, only 64 kibibytes can be used | ||
| concurrently for the same reporting origin (the <a for=/>request</a>'s <a for=request>URL</a>' |
There was a problem hiding this comment.
| concurrently for the same reporting origin (the <a for=/>request</a>'s <a for=request>URL</a>' | |
| concurrently for the same reporting origin (the <a for=/>request</a>'s <a for=request>URL</a>'s |
|
|
||
| <p>Out of the allocated quota for a <a for=/>document</a>, only 64 kibibytes can be used | ||
| concurrently for the same reporting origin (the <a for=/>request</a>'s <a for=request>URL</a>' | ||
| <a for=url>origin</a>). This prevents a situation where particular 3rd party libraries would reserve |
There was a problem hiding this comment.
| <a for=url>origin</a>). This prevents a situation where particular 3rd party libraries would reserve | |
| <a for=url>origin</a>). This prevents a situation where particular third-party libraries would reserve |
| <li><p>The <a for=list>size</a> of <var>controlDocument</var>'s <a>node navigable</a>'s | ||
| <a>descendant navigables</a>, <a for=list data-lt=remove>removing</a> any <a for=/>navigable</a> | ||
| whose <a>navigable container</a>'s <a>reserved deferred-fetch quota</a> is not | ||
| <a for="reserved deferred-fetch quota">minimal quota</a>, is less than | ||
| <a>quota reserved for <code>deferred-fetch-minimal</code></a> / | ||
| <a for="reserved deferred-fetch quota">minimal quota</a>. |
There was a problem hiding this comment.
| <li><p>The <a for=list>size</a> of <var>controlDocument</var>'s <a>node navigable</a>'s | |
| <a>descendant navigables</a>, <a for=list data-lt=remove>removing</a> any <a for=/>navigable</a> | |
| whose <a>navigable container</a>'s <a>reserved deferred-fetch quota</a> is not | |
| <a for="reserved deferred-fetch quota">minimal quota</a>, is less than | |
| <a>quota reserved for <code>deferred-fetch-minimal</code></a> / | |
| <a for="reserved deferred-fetch quota">minimal quota</a>. | |
| <li><p>the <a for=list>size</a> of <var>controlDocument</var>'s <a>node navigable</a>'s | |
| <a>descendant navigables</a>, <a for=list data-lt=remove>removing</a> any <a for=/>navigable</a> | |
| whose <a>navigable container</a>'s <a>reserved deferred-fetch quota</a> is not | |
| <a for="reserved deferred-fetch quota">minimal quota</a>, is less than | |
| <a>quota reserved for <code>deferred-fetch-minimal</code></a> / | |
| <a for="reserved deferred-fetch quota">minimal quota</a>, |
| <li><p>If <var>document</var>' <a>node navigable</a>'s <a>container document</a> is null or a | ||
| <a for=/>document</a> whose <a for=Document>origin</a> is not <a>same origin</a> with | ||
| <var>document</var>, return <var>document</var>; Otherwise return the | ||
| <a>deferred-fetch control document</a> given <var>document</var>' <a>node navigable</a>'s | ||
| <a>container document</a>. |
There was a problem hiding this comment.
| <li><p>If <var>document</var>' <a>node navigable</a>'s <a>container document</a> is null or a | |
| <a for=/>document</a> whose <a for=Document>origin</a> is not <a>same origin</a> with | |
| <var>document</var>, return <var>document</var>; Otherwise return the | |
| <a>deferred-fetch control document</a> given <var>document</var>' <a>node navigable</a>'s | |
| <a>container document</a>. | |
| <li><p>If <var>document</var>' <a>node navigable</a>'s <a>container document</a> is null or a | |
| <a for=/>document</a> whose <a for=Document>origin</a> is not <a>same origin</a> with | |
| <var>document</var>, then return <var>document</var>; otherwise, return the | |
| <a>deferred-fetch control document</a> given <var>document</var>'s <a>node navigable</a>'s | |
| <a>container document</a>. |
|
|
||
| <div algorithm="dom-fetch-later"> | ||
| <p>The | ||
| <dfn id=dom-global-fetch-later method for=Window><code>fetchLater(<var>input</var>, <var>init</var>)</code></dfn> |
There was a problem hiding this comment.
| <dfn id=dom-global-fetch-later method for=Window><code>fetchLater(<var>input</var>, <var>init</var>)</code></dfn> | |
| <dfn method for=Window><code>fetchLater(<var>input</var>, <var>init</var>)</code></dfn> |
| readonly attribute boolean activated; | ||
| }; | ||
|
|
||
| partial interface mixin Window { |
There was a problem hiding this comment.
| partial interface mixin Window { | |
| partial interface Window { |
I don't understand why this would be a mixin.
| <li><p>If <var>request</var>'s <a for=request>window</a>'s <a>associated document</a> is not a | ||
| <a>fully active</a> <a for=/>document</a>, then throw a {{TypeError}}. |
There was a problem hiding this comment.
| <li><p>If <var>request</var>'s <a for=request>window</a>'s <a>associated document</a> is not a | |
| <a>fully active</a> <a for=/>document</a>, then throw a {{TypeError}}. | |
| <li><p>If <var>request</var>'s <a for=request>window</a>'s <a>associated document</a> is not | |
| <a>fully active</a>, then throw a {{TypeError}}. |
Add a JS-exposed function to request a deferred fetch, called
fetchLater.A deferred fetch would be invoked in one of two scenarios:
A few constraints:
The quota algorithm is a bit intricate, but its default should be somewhat reasonable for all but advanced cases.
fetchLaterin sequence.deferred-fetch-minimal) controls that, and the top-level document can disable that allocated quota by disabling that permissions policy.deferred-fetchpermissions policy.srcon an iframe. It is not guaranteed that the subframe would actually be able to use thatquota, as it might end up navigating to a same-origin URL or disable the feature in its own permissions policy. However, the container's document only cares about the initial reserved value for subframes it doesn't have direct access to.
See WICG/pending-beacon#70
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff