Skip to content

Add new strings for notRestoredReason #11381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

lozy219
Copy link

@lozy219 lozy219 commented Jun 15, 2025

As part of the project that enables pages with Cache-control: not store header, we will evict the BFCache-eligible page if it has ever used WebSocket, WebRTC and WebTransport. These are implemented, but the not restore reason string was not specified. Currently Chromium shares the string with the ones used for active WebSocket/WebRTC/WebTransport, but it could be confusing. We are proposing to create 3 new strings for the reason introduced by the CCNS changes.

see https://github.com/fergald/explainer-bfcache-ccns/blob/main/README.md for more information.

(See WHATWG Working Mode: Changes for more details.)


/nav-history-apis.html ( diff )

@lozy219
Copy link
Author

lozy219 commented Jun 15, 2025

@domenic @smaug---- could you help to review this change? This is an addition to #9360

Copy link
Member

@domenic domenic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

annevk
annevk previously requested changes Jun 16, 2025
@lozy219 lozy219 requested a review from annevk June 23, 2025 06:01
@lozy219
Copy link
Author

lozy219 commented Jul 8, 2025

@annevk could you help to take another look? Thanks!

<dd>The <code>Document</code> was created from an HTTP response whose
`<code data-x="http-cache-control">Cache-Control</code>` header included the
"<code data-x="">no-store</code>" token, and it has created a <code>WebSocket</code> connection
which might be used to receive sensitive information, so the page was not in a state that could be

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a bit confused with this stuff when there is https://html.spec.whatwg.org/#unloading-document-cleanup-steps

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The difference between the new reason string websocket-used-with-cache-control-no-store and the existing websocket is that the new one also covers the case where a websocket is created and then destroyed before unloading the document.

This is needed as part of the security mitigation when enabling BFCache for page with cache-control: no store header, because the page may receive some sensitive information from the already-closed websocket. We have discussed here

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@smaug---- does it resolve your confusion, and could you help to review again? Thanks

@domenic domenic added the agenda+ To be discussed at a triage meeting label Jul 18, 2025
@domenic
Copy link
Member

domenic commented Jul 18, 2025

Adding "agenda+" to help unblock this simple PR that has been stuck for over a month. Of course, if we can do so async, that would be even better.

@annevk
Copy link
Member

annevk commented Jul 18, 2025

To be clear, I don't think WebKit has a strong position either way. I just chimed in because I noticed something editorially. I suspect you need @smaug---- or someone else from Mozilla to unblock this.

@domenic
Copy link
Member

domenic commented Jul 18, 2025

Well, we need you to dismiss your "changes requested" review at least :)

@annevk annevk dismissed their stale review July 18, 2025 06:52

See thread.

@lozy219 lozy219 requested a review from smaug---- July 30, 2025 03:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
agenda+ To be discussed at a triage meeting
Development

Successfully merging this pull request may close these issues.

4 participants