Re: [blink-dev] Intent to Ship: Private Network Access restrictions for automotive

[Mike Taylor]

LGTM1. Curious to know (but happy to not know) how many local servers 
are running in my car...

On 9/18/23 5:30 AM, Jonathan Hao wrote:


        Contact emails


        p...@chromium.org


        Explainer


        https://github.com/WICG/private-network-access/blob/main/explainer.md


        Specification


        https://github.com/WICG/private-network-access


        Design docs



        
https://docs.google.com/document/d/1ozjh-G6faEEkgVp__mjq6c_4U93sS4kK4zoelTE7Awg/edit?usp=sharing


        Summary


        Enforce (instead of just warn) Private Network Access
        restrictions on Chrome for Android Automotive (if
        BuildInfo::is_automotive), including: - Private Network Access
        preflight requests for subresources. See
        https://chromestatus.com/feature/5737414355058688, and -
        Private Network Access for Workers. See
        https://chromestatus.com/feature/5742979561029632



        Blink component


        Blink>SecurityFeature>CORS>PrivateNetworkAccess
        
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess>


        TAG review


        https://github.com/w3ctag/design-reviews/issues/572


        TAG review status


        Issues addressed


        Origin Trial documentation link


        https://github.com/WICG/private-network-access/blob/main/explainer.md


        Risks




        Interoperability and Compatibility


        Android Automotive is going to be a new platform, so no
        websites should rely on making private network requests yet.
        And our purpose is to ship this from the beginning to avoid
        future compatibility risks.



        /Gecko/: Positive
        (https://github.com/mozilla/standards-positions/issues/143)

        /WebKit/: Positive
        (https://github.com/WebKit/standards-positions/issues/163)

        /Web developers/: Mixed signals Anecdotal evidence so far
        suggests that most web developers are OK with this new
        requirement, though some do not control the target endpoints
        and would be negatively impacted.

        /Other signals/:


        Security


        This change aims to be security-positive, preventing CSRF
        attacks against soft and juicy targets such as router admin
        interfaces. It does not cover navigation requests, which are
        to be addressed in followup launches. DNS rebinding threats
        were of particular concern during the design of this feature:
        
https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit#heading=h.189j5gnadts9



        WebView application risks


        Does this intent deprecate or change behavior of existing
        APIs, such that it has potentially high risk for Android
        WebView-based applications?

        None



        Debuggability


        Relevant information (client and resource IP address space) is
        already piped into the DevTools network panel. Deprecation
        warnings and errors will be surfaced in the DevTools issues
        panel explaining the problem when it arises.



        Will this feature be supported on all six Blink platforms
        (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?


        No


        Is this feature fully tested by web-platform-tests
        
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?


        Yes


        Flag name on chrome://flags


        None


        Finch feature name


        PrivateNetworkAccessRestrictionsForAutomotive


        Requires code in //chrome?


        False


        Estimated milestones


        Shipping on Android (only when is_automotive=true)      119



        Anticipated spec changes


        Open questions about a feature may be a source of future web
        compat or interop issues. Please list open issues (e.g. links
        to known github issues in the project for the feature
        specification) whose resolution may introduce web
        compat/interop risk (e.g., changing to naming or structure of
        the API in a non-backward-compatible way).

        None


        Link to entry on the Chrome Platform Status


        https://chromestatus.com/feature/5082807021338624


        Links to previous Intent discussions


        Intent to prototype:
        
https://groups.google.com/a/chromium.org/g/blink-dev/c/MO2HmKaFe8c/m/vljPBcxdAQAJ

        This intent message was generated by Chrome Platform Status
        <https://chromestatus.com/>.

--
You received this message because you are subscribed to the Google 
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiP%2BAu2epCdGTM-VgyBXj61C%2BJ4WUv3WTO9SZ_OAeaf2JmQ%40mail.gmail.com 
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiP%2BAu2epCdGTM-VgyBXj61C%2BJ4WUv3WTO9SZ_OAeaf2JmQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

--
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bfda4093-340b-4dfe-b98c-95564743309e%40chromium.org.