diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000000..fcdfaf9193 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,3 @@ +# Add 'triage-needed' label to any issue that gets opened. +triage-needed: + - '/.*/' \ No newline at end of file diff --git a/.github/workflows/label-new-issues.yaml b/.github/workflows/label-new-issues.yaml deleted file mode 100644 index d8b8222420..0000000000 --- a/.github/workflows/label-new-issues.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This workflow is used to add the 'triage-needed' label to newly opened issues. -# This way it's easy for us to know which issues have not been triaged yet. - -name: Label new issues to be triaged -on: - issues: - types: - - reopened - - opened -jobs: - label_issues: - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - name: Label issues - uses: andymckay/labeler@5c59dabdfd4dd5bd9c6e6d255b01b9d764af4414 - with: - add-labels: "triage-needed" - repo-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml new file mode 100644 index 0000000000..fa822f8a3d --- /dev/null +++ b/.github/workflows/labeler.yaml @@ -0,0 +1,18 @@ +name: "New issue labeler" +on: + issues: + types: [opened] + +permissions: + issues: write + contents: read + +jobs: + triage: + runs-on: ubuntu-latest + steps: + - uses: github/issue-labeler@v3.1 + with: + configuration-path: .github/labeler.yml + enable-versioned-regex: 0 + repo-token: ${{ github.token }} \ No newline at end of file diff --git a/microsoft-edge/extensions-chromium/store-policies/developer-policies.md b/microsoft-edge/extensions-chromium/store-policies/developer-policies.md index d9216660e2..41db77c874 100644 --- a/microsoft-edge/extensions-chromium/store-policies/developer-policies.md +++ b/microsoft-edge/extensions-chromium/store-policies/developer-policies.md @@ -5,7 +5,7 @@ author: MSEdgeTeam ms.author: msedgedevrel ms.topic: conceptual ms.prod: microsoft-edge -ms.date: 07/10/2023 +ms.date: 08/18/2023 --- # Microsoft Edge Add-ons store developer policies @@ -239,7 +239,7 @@ The primary content of your extension must not be advertising, and advertising m #### 1.10.2 Policies and Agreements -Any advertising content your extension displays must adhere to [Microsoft Creative Acceptance Policy](https://about.ads.microsoft.com/solutions/ad-products/display-advertising/creative-acceptance-policies). +Any advertising content your extension displays must adhere to [Microsoft Advertising Network policies](https://about.ads.microsoft.com/policies/home). If your extension displays ads, all content displayed must conform to the advertising requirements of the [App Developer Agreement](/legal/windows/agreements/app-developer-agreement) and this Policy. @@ -251,7 +251,7 @@ If your extension displays ads, all content displayed must conform to the advert #### 1.10.4 Promotions -If you purchase or create promotional ad campaigns to promote your extensions through the ad campaign functionality in [Partner Center](https://partner.microsoft.com/dashboard/microsoftedge/public/login?ref=dd), all ad materials you provide to Microsoft, including any associated landing pages, must comply with [Microsoft Creative Specifications Policy](https://about.ads.microsoft.com/policies/creative-specs) and [Microsoft Creative Acceptance Policy](https://about.ads.microsoft.com/solutions/ad-products/display-advertising/creative-acceptance-policies). +If you purchase or create promotional ad campaigns to promote your extensions through the ad campaign functionality in [Partner Center](https://partner.microsoft.com/dashboard/microsoftedge/public/login?ref=dd), all ad materials you provide to Microsoft, including any associated landing pages, must comply with [Microsoft Creative Specifications Policy](https://about.ads.microsoft.com/policies/creative-specs) and [Microsoft Advertising Network policies](https://about.ads.microsoft.com/policies/home). #### 1.10.5 Notifying Users of Opt-Out for Interest-Based Advertising diff --git a/microsoft-edge/privacy-whitepaper/index.md b/microsoft-edge/privacy-whitepaper/index.md index 556de582a5..a0508e35ce 100644 --- a/microsoft-edge/privacy-whitepaper/index.md +++ b/microsoft-edge/privacy-whitepaper/index.md @@ -7,7 +7,7 @@ ms.topic: conceptual ms.prod: microsoft-edge ms.localizationpriority: high no-loc: [Cast, Google Cast] -ms.date: 08/04/2023 +ms.date: 08/23/2023 --- # Microsoft Edge Privacy Whitepaper @@ -161,16 +161,41 @@ Google may collect some data associated with the Media Router extension. To unin ## Collections -You may collect sites, text, and images from the web, and organize the content with Collections in Microsoft Edge. All collections data is stored locally on the device and organized per Microsoft Edge profile. If you have sync turned on for Collections, your collections, notes, and comments are available across all signed-in and syncing versions of Microsoft Edge. +The Collections feature in Microsoft Edge allows you to save web pages, text, images, and videos from the web. You can organize the content based on the projects, events, and interests that matter to you. You can also save notes in your collections and add notes to individual items as well. Collections uses the Microsoft Edge Entity Extraction service to enrich the content that you collect by including thumbnails and metadata, such as price and star rating. For more information, see [Entity extraction](#entity-extraction) below. -Every 24 hours, Microsoft Edge downloads a list of supported sites that have special entity extraction templates. The templates are specific to each website. When you create a new item in your collection, Microsoft Edge verifies that the site you are collecting from is in the list of supported sites. If the site is in the list, Microsoft Edge pings the entity extraction service for the template of the specific site. No user identifiers are associated with the request to the service. The template attempts to identify the name, price, ratings, primary image, and other data about the item being collected. If the site you are collecting from is not on the supported list site, Microsoft Edge does not download a template. Templates allow collection items to be created locally on the device. No data about the collection items are sent to the service when creating the collection. +The Collections feature is not available in **Guest** mode or Kids Mode. -You can delete templates stored on the device and clear the cache data. Go to `edge://settings/privacy`. In **Clear browsing data** next to **Clear browsing data now**, select the **Choose what to clear** button. Choose your desired time range and type of data, then select the **Clear now** button. Another way to delete cached data, go to `edge://settings/clearBrowserData` select the desired time range and type of data, then select the **Clear now** button. +Collections storage and feature availability depend on your Microsoft Edge Sign-in and Sync settings. - -You can use the title of your collection to find relevant Pinterest Topic pages when searching in Microsoft Bing. Go to `edge://settings/privacy`. Turn on the **Show suggestions from Pinterest in Collections** setting. Microsoft Edge does not send data about your collections to Pinterest. You can remove the suggestions and stop searches for Pinterest Topic pages. Go to `edge://settings/privacy` and turn off the **Show suggestions from Pinterest in Collections** setting. -Collections aren't available when using **InPrivate** or **Guest** modes. + +#### Signed in with a personal account + +When you sign in to Microsoft Edge with a personal Microsoft Account (MSA), your collections, saved items, notes, and images are automatically saved on Microsoft cloud for free. You can access your collections from Microsoft Edge on any device where you're signed in. You can even view and manage your collections online in any browser by visiting the [Collections portal](https://www.bing.com/saves) at Bing.com. Collections also enhance your experience with a personalized interest feed, if your personalization settings support this feature. + +If you want to disable Collections for a signed-in profile using a personal account, go to `edge://settings/privacy`, scroll down to the **Services** section, and then turn off the toggle for **Show Collections and follow content creators in Microsoft Edge**. + +When you sign in with a personal account and Sync for Collections is disabled, all collections data is stored locally on the device, organized per Microsoft Edge profile. + +You cannot access Collections from an InPrivate window while signed in with a personal account. + + + +#### Signed in with a work or school account + +If you're signed in with a work or school account and are syncing Collections, your collections, saved items, notes, and images are synced across devices. If you want to stop syncing your Collections, you can turn off Sync for Collections from `edge://settings/profiles/sync`. + +When you sign in with a work or school account and Sync for Collections is disabled, all collections data is stored locally on the device, organized per Microsoft Edge profile. + +You can access Collections from an InPrivate window while signed in with a work or school account. + + + +#### Signed-out + +When you don't sign in to Microsoft Edge, all collections data is stored locally on the device, organized per Microsoft Edge profile. + +You can access Collections from an InPrivate window when using a signed-out profile. @@ -305,6 +330,14 @@ When these enterprise features are on, the browser sends auditing and diagnostic Please contact your enterprise administrator to understand your company's policies for such data collection. + +## Entity extraction + +Microsoft Edge uses entity extraction templates that are specific to a list of supported websites to identify the name, price, ratings, primary image, and other data about the item being collected locally. When creating the collection, no user identifiers or other data are sent to Microsoft services. + +If you want to delete such templates stored on the device, go to `edge://settings/clearBrowserData`, select the desired time range and type of data, and then click the **Clear now** button. + + ## Extensions and Microsoft Edge Add-ons diff --git a/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/devtools-push.png b/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/devtools-push.png deleted file mode 100644 index 78cd7558e2..0000000000 Binary files a/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/devtools-push.png and /dev/null differ diff --git a/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/notification-permission.png b/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/notification-permission.png deleted file mode 100644 index cd2fc9e78e..0000000000 Binary files a/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/notification-permission.png and /dev/null differ diff --git a/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/windows-action-center.png b/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/windows-action-center.png deleted file mode 100644 index ff386976da..0000000000 Binary files a/microsoft-edge/progressive-web-apps-chromium/how-to/push-images/windows-action-center.png and /dev/null differ diff --git a/microsoft-edge/progressive-web-apps-chromium/how-to/push.md b/microsoft-edge/progressive-web-apps-chromium/how-to/push.md index 3cafa53cbf..e17e2867af 100644 --- a/microsoft-edge/progressive-web-apps-chromium/how-to/push.md +++ b/microsoft-edge/progressive-web-apps-chromium/how-to/push.md @@ -6,7 +6,7 @@ ms.author: msedgedevrel ms.topic: conceptual ms.prod: microsoft-edge ms.technology: pwa -ms.date: 06/16/2023 +ms.date: 08/03/2023 --- # Re-engage users with push messages @@ -14,147 +14,133 @@ Push messages are a useful communication channel that lets applications update t One of the most significant advantages of push messages is that they can be delivered by your app's server even when the user isn't actively using your app. -Push message notifications are useful for apps to take part in the system's notification center and display images and text information. Notifications are useful to alert the user about an important updates in your app. However, notifications should be used rarely, because they tend to be disruptive to the user's workflow. +Push message notifications take part in the system's notification center, and they can display images and text information. Notifications are useful to alert the user about an important updates in your app. However, notifications should be used rarely, because they tend to be disruptive to the user's workflow. To create a PWA that supports push notifications: -1. Subscribe to a messaging service using the [Push API](https://developer.mozilla.org/docs/Web/API/Push_API). -1. Display a toast message when a message is received from the service, by using the [Notifications API](https://developer.mozilla.org/docs/Web/API/Notifications_API). - -Like Service Workers, the push notification APIs are standards-based APIs. The push notification APIs work across browsers, so your code should work everywhere that PWAs are supported. For more information about delivering push messages to different browsers on your server, see [Web-Push](https://www.npmjs.com/package/web-push). +1. Request the user's permission to receive push notifications in the client-side code of your PWA. +1. Subscribe to your server's push messages. +1. Send push messages from the server-side code of your PWA. +1. Display notifications when push messages are received. -## Step 1 - Generate VAPID keys +## Step 1 - Request the user's permission to receive push notifications -Push notifications require VAPID (Voluntary Application Server Identification) keys in order to send push messages to the PWA client. There are several VAPID key generators available online (for example, [vapidkeys.com](https://vapidkeys.com)). +Before you can send push notifications to your PWA, you must request permission from the user to receive messages. To request permission, use the [Notification.requestPermission API](https://developer.mozilla.org/docs/Web/API/Notification/requestPermission_static) in your client-side code, such as when the user clicks a button: -After the keys are generated, you'll receive a JSON object that contains a public and private key. Save the VAPID keys for later use in the tutorial below. +```javascript +button.addEventListener("click", () => { + Notification.requestPermission().then(permission => { + if (permission === "granted") { + console.log("The user accepted to receive notifications"); + } + }); +}); +``` -For information about VAPID and WebPush, see [Sending VAPID identified WebPush Notifications using the Mozilla Push Service](https://blog.mozilla.org/services/2016/08/23/sending-vapid-identified-webpush-notifications-via-mozillas-push-service). +You can check the permission status again later: + +```javascript +if (Notification.permission === "granted") { + console.log("The user already accepted"); +} +``` ## Step 2 - Subscribe to push notifications -Service workers handle push events and toast notification interactions in your PWA. To subscribe the PWA to server push notifications: - -* Make sure your service worker is installed, active, and registered. -* Make sure your code for completing the subscription task is on the main UI thread of the PWA. -* Make sure you have network connectivity. +To receive push events from your server, subscribe to push notifications by using the [Push API](https://developer.mozilla.org/docs/Web/API/Push_API). Before a new push subscription is created, Microsoft Edge checks whether the user has granted the PWA permission to receive notifications. -If the user has not granted the PWA permission to receive notifications, the user is prompted by the browser for permission. If the user doesn't grant permission to the browser, the request to `registration.pushManager.subscribe` throws a `DOMException`, which must be handled. For more on permission management, go to [Push Notifications in Microsoft Edge](https://blogs.windows.com/msedgedev/2016/05/16/web-notifications-microsoft-edge#UAbvU2ymUlHO8EUV.97). +If the user hasn't granted the PWA permission to receive notifications, the user is prompted by the browser for permission. If the user doesn't grant permission to the browser, the request to `registration.pushManager.subscribe` throws a `DOMException`. -In your `pwabuilder-sw-register.js` file, append the following code: +The following code snippet shows how to subscribe to push notifications in your PWA: ```javascript -// Ask the user for permission to send push notifications. -navigator.serviceWorker.ready - .then(function (registration) { - // Check if the user has an existing subscription - return registration.pushManager.getSubscription() - .then(function (subscription) { - if (subscription) { - return subscription; - } - - const vapidPublicKey = "PASTE YOUR PUBLIC VAPID KEY HERE"; - return registration.pushManager.subscribe({ - userVisibleOnly: true, - applicationServerKey: urlBase64ToUint8Array(vapidPublicKey) - }); - }); +async function subscribeToPushMessages() { + const serviceWorkerRegistration = await navigator.serviceWorker.ready; + + // Check if the user has an existing subscription + let pushSubscription = serviceWorkerRegistration.pushManager.getSubscription(); + if (pushSubscription) { + // The user is already subscribed to push notifications + return; + } + + try { + // Subscribe the user to push notifications + pushSubscription = await serviceWorkerRegistration.pushManager.subscribe({ + userVisibleOnly: true, + applicationServerKey: urlBase64ToUint8Array("YOUR PUBLIC VAPID KEY HERE") }); + } catch (err) { + // The subscription wasn't successful. + console.log("Error", err); + } +} // Utility function for browser interoperability function urlBase64ToUint8Array(base64String) { - var padding = '='.repeat((4 - base64String.length % 4) % 4); - var base64 = (base64String + padding) - .replace(/\-/g, '+') - .replace(/_/g, '/'); - - var rawData = window.atob(base64); - var outputArray = new Uint8Array(rawData.length); - - for (var i = 0; i < rawData.length; ++i) { - outputArray[i] = rawData.charCodeAt(i); - } - return outputArray; + var padding = '='.repeat((4 - base64String.length % 4) % 4); + var base64 = (base64String + padding) + .replace(/\-/g, '+') + .replace(/_/g, '/'); + + var rawData = window.atob(base64); + var outputArray = new Uint8Array(rawData.length); + + for (var i = 0; i < rawData.length; ++i) { + outputArray[i] = rawData.charCodeAt(i); + } + return outputArray; } ``` -See also [PushManager](https://developer.mozilla.org/docs/Web/API/PushManager) and [Web-Push](https://www.npmjs.com/package/web-push#usage). +The VAPID key that's mentioned in the previous code snippet is a public key that's used to identify the server that sends the push messages and encrypt the push message payload. See [Step 3 - Send push messages from your server](#step-3---send-push-messages-from-your-server) for more information about VAPID keys. -## Step 3 - Listen for push notifications +## Step 3 - Send push messages from your server -After a subscription is created in your PWA, add handlers to the service worker to respond to push events. Push event are sent from the server to display toast notifications. Toast notifications display data for a received message. To do any of the following tasks, you must add a `click` handler: +Your application needs VAPID (Voluntary Application Server Identification) keys in order to send push messages from your server to your PWA clients. There are several VAPID key generators available online (for example, [Vapidkeys.com](https://vapidkeys.com)). -* Dismissing the toast notification. -* Opening a window. -* Putting focus on a window. -* Opening and putting focus on a new window to display a PWA client page. +Once you have a VAPID key, you can send push messages to your PWA clients by using [the Web Push Protocol](https://web.dev/push-notifications-web-push-protocol/). -To add a `click` handler, in your `pwabuilder-sw.js` file, add the following handlers for the `push` event and the `notificationclick` event: +You can use a library to send push messages from your server, depending on the programming language you use. For example, you can use the [web-push](https://github.com/web-push-libs/web-push) library if your server uses Node.js. Other libraries are available on the [WebPush libraries repo](https://github.com/web-push-libs/). -```javascript -// Respond to a server push with a user notification. -self.addEventListener('push', function (event) { - if (Notification.permission === "granted") { - const notificationText = event.data.text(); - const showNotification = self.registration.showNotification('Sample PWA', { - body: notificationText, - icon: 'images/icon512.png' - }); - // Make sure the toast notification is displayed. - event.waitUntil(showNotification); - } -}); - -// Respond to the user selecting the toast notification. -self.addEventListener('notificationclick', function (event) { - console.log('On notification click: ', event.notification.tag); - event.notification.close(); - - // Display the current notification if it is already open, and then put focus on it. - event.waitUntil(clients.matchAll({ - type: 'window' - }).then(function (clientList) { - for (var i = 0; i < clientList.length; i++) { - var client = clientList[i]; - if (client.url == 'http://localhost:1337/' && 'focus' in client) - return client.focus(); - } - if (clients.openWindow) - return clients.openWindow('/'); - })); -}); -``` -## Step 4 - Try it out - -To test push notifications for your PWA: - -1. Go to your PWA at `http://localhost:3000`. When your service worker activates and attempts to subscribe your PWA to push notifications, Microsoft Edge prompts you to allow your PWA to show notifications. Select **Allow**. +## Step 4 - Display notifications when push messages are received - ![Permission dialog for enabling notifications](./push-images/notification-permission.png) +After a subscription is created in your PWA (as shown in [Step 2 - Subscribe to push notifications](#step-2---subscribe-to-push-notifications)), add a `push` event handler in your service worker to handle push messages that are sent by your server. -1. Simulate a server-side push notification, as follows. With your PWA opened at `http://localhost:3000` in your browser, select **F12** to open DevTools. Select **Application** > **Service Worker** > **Push** to send a test push notification to your PWA. +The following code snippet shows how to display a notification when a push message is received: - The push notification is displayed near the taskbar. - - ![Push a notification from DevTools](./push-images/devtools-push.png) - - If you don't select (or _activate_) a toast notification, the system automatically dismisses it after several seconds and queues it in your Windows Action Center. - - ![Notifications in Windows Action Center](./push-images/windows-action-center.png) +```javascript +// Listen to push events. +self.addEventListener('push', event => { + // Check if the user has granted permission to display notifications. + if (Notification.permission === "granted") { + // Get the notification data from the server. + const notificationText = event.data.text(); + + // Display a notification. + const showNotificationPromise = self.registration.showNotification('Sample PWA', { + body: notificationText, + icon: 'images/icon512.png' + }); + // Keep the service worker running until the notification is displayed. + event.waitUntil(showNotificationPromise); + } +}); +``` ## See also -* [Web Push Notifications Demo](https://webpushdemo.azurewebsites.net) +* [Push notifications overview](https://web.dev/push-notifications-overview/). +* [How to make PWAs re-engageable using Notifications and Push](https://developer.mozilla.org/docs/Web/Progressive_web_apps/Tutorials/js13kGames/Re-engageable_Notifications_Push). diff --git a/microsoft-edge/web-platform/site-impacting-changes.md b/microsoft-edge/web-platform/site-impacting-changes.md index 52b4fbf967..0633a0ba60 100644 --- a/microsoft-edge/web-platform/site-impacting-changes.md +++ b/microsoft-edge/web-platform/site-impacting-changes.md @@ -50,7 +50,7 @@ This table lists: | Block external protocols in sandboxed frames by default | v103 | | Blocks the use of external protocols (that interact with non-browser applications) from sandboxed iframes unless permission is explicitly granted by the `sandbox` attribute on the frame. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the [Chrome Platform Status entry](https://chromestatus.com/feature/5680742077038592). | | Send CORS preflight requests for private network access | v104 | | Starting with v104, Microsoft Edge sends a CORS [preflight](https://developer.chrome.com/blog/private-network-access-preflight/) request before a page from the internet is allowed to request resources from a local network (intranet). The intranet server should respond to the preflight by providing explicit permission to access the resource. The result of this check is not yet enforced. Enforcement will begin in v111 at the earliest. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the [Chrome Platform Status entry](https://chromestatus.com/feature/5737414355058688) and [_Chrome Developers_ blog post](https://developer.chrome.com/blog/private-network-access-preflight/#rollout-plan). Two compatibility policies are available to suppress the CORS preflight request: [InsecurePrivateNetworkRequestAllowed](/deployedge/microsoft-edge-policies#insecureprivatenetworkrequestsallowed) and [InsecurePrivateNetworkRequestAllowedForUrls](/deployedge/microsoft-edge-policies#insecureprivatenetworkrequestsallowedforurls). | | New TLS server certificate verifier | v109 (unmanaged devices), v111 (managed devices) | | No site compatibility impacts are anticipated. If you have uncommon TLS server certificate deployments, you should test in v109 to confirm there's no impact. For more information and testing guidance, see [Changes to Microsoft Edge browser TLS server certificate verification](/deployedge/microsoft-edge-security-cert-verification). | -| Ignore modifications to `document.domain` by default | v116 | | The `document.domain` property historically could be set to relax the same-origin policy and allow subdomains from a site to interact. This behavior will be disabled by default such that setting the `document.domain` property will have no effect. For more information and workarounds, see [Microsoft Edge will disable modifying document.domain](/deployedge/edge-learnmore-origin-keyed-agent-cluster). | +| Ignore modifications to `document.domain` by default | v118 | | The `document.domain` property historically could be set to relax the same-origin policy and allow subdomains from a site to interact. This behavior will be disabled by default such that setting the `document.domain` property will have no effect. For more information and workarounds, see [Microsoft Edge will disable modifying document.domain](/deployedge/edge-learnmore-origin-keyed-agent-cluster). | | Removal of cross-origin subframe JavaScript dialogs | Future release (TBD) | | Removes `window.alert`, `window.prompt`, and `window.confirm` from cross-origin iframes. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see [Intent to Remove: Cross origin subframe JS Dialogs](https://groups.google.com/a/chromium.org/g/blink-dev/c/hTOXiBj3D6A/m/JtkdpDd1BAAJ). | | Removal of mutation events | v127 | | Removes support for mutation events in Chromium. Use the [MutationObserver](https://developer.mozilla.org/docs/Web/API/MutationObserver) API instead. See [Intent to Deprecate: Mutation Events](https://groups.google.com/a/chromium.org/g/blink-dev/c/qDsKRU-cQ_4/m/isA1mZ_aAAAJ). |