Add explainer and server requirements for Referrer-Provided Prefetch Proxies#428
Add explainer and server requirements for Referrer-Provided Prefetch Proxies#428
Conversation
|
This explainer intends to address issue #368. |
tunetheweb
left a comment
tunetheweb
left a comment
There was a problem hiding this comment.
Only really reviewed the first explainer so far. Will look at the other two later.
referrer_provided_prefetch_proxy_security_privacy_questionnaire.md
Outdated
Show resolved
Hide resolved
|
|
||
| * **Firefox:** No public position. Firefox engineers originally suggested this feature in March 2025: [https://github.com/WICG/nav-speculation/issues/368](https://github.com/WICG/nav-speculation/issues/368). | ||
| * **Safari:** No public position. | ||
| * **Edge:** No public position. |
There was a problem hiding this comment.
Have you filed standards position issues?
There was a problem hiding this comment.
No, I haven't.
Should I file them at this stage? Blink > Launching Features > Getting Wider Review suggested getting formal standards positions around OT / I2S time.
There was a problem hiding this comment.
Eh, I'd probably do it sooner than later honestly.
| * **How do site developers control which tokens are used by a UA in a specific request?** | ||
| Proposal: it shouldn’t matter exactly which token a UA uses, the site should provide as many tokens as there are prefetch candidates. | ||
| * **What happens if a speculation rules JSON document doesn’t provide exactly as many tokens as there are prefetch candidates?** | ||
| Proposal: UA will select and remove a token at random from the ordered set of tokens and use that token for a CONNECT request. If the set is empty, the “create navigation params” algorithm should fail and print a warning to the console. |
There was a problem hiding this comment.
Ah, looks like I have the same question immediately above this. I don't have much to add here except that I agree that one token per request is unworkable for the web, so we'd need one to rule them all. Why is the token schema more complicated because of this?
3 participants
This PR introduces an early design sketch for the Referrer-Provided Prefetch Proxies architecture.
It allows referring sites to operate their own privacy-preserving proxy servers for cross-origin prefetching. This shifts the operational cost to the party benefiting from faster navigations and aligns the proxy trust model without compromising client privacy.
Documents added
referrer_provided_prefetch_proxies.md: The main explainer outlining the problem, use cases, and proposed changes (new Speculation Rule requirements). Includes answers to the security and privacy self-review questionnaire.referrer_provided_prefetch_proxy_server_requirements.md: Client-server protocol and server requirements (abuse prevention, privacy goals, geolocation).