Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create F2F agenda - 20 September 2016 #974

Closed
jakearchibald opened this issue Sep 8, 2016 · 4 comments
Closed

Create F2F agenda - 20 September 2016 #974

jakearchibald opened this issue Sep 8, 2016 · 4 comments

Comments

@jakearchibald
Copy link
Contributor

jakearchibald commented Sep 8, 2016

Where: TPAC Auditorium III, first floor
When: 9am

Draft agenda:

@jakearchibald
Copy link
Contributor Author

We get one day this time, so it'd be nice to limit v1 stuff to the essentials, and leave the nitty gritty to hallway tracks. @jungkees, any particular issues you want to look at?

I think it's been awhile since we reviewed foreign fetch, so I'd like to do that. @mkruisselbrink, are you happy with that?

Also we'll have special guest star @annevk joining us, so it feels like we should take the opportunity to tackle fetch stuff.

@LJWatson
Copy link

LJWatson commented Sep 8, 2016

Thanks @jakearchibald

If you could post the agenda to the Service Workers meeting when you've figured it out, that'd be lovely. Thanks.

@mkruisselbrink
Copy link
Collaborator

I think it's been awhile since we reviewed foreign fetch, so I'd like to do that. @mkruisselbrink, are you happy with that?

Feel free to review foreign fetch, but I'm unfortunately not going to be at TPAC.

@jakearchibald
Copy link
Contributor Author

HEIST chat:

  • Could cross origin resources count against the other origin's quota?
    • But what about persistent storage?
    • What about clearing out the origin?
    • What about "bombing" another origin's storage usage?
      • Could assign "blame" for individual requests
    • Does padding already solve this?
  • Advert iframes want to display credentialed content, but the load event is potentially a privacy leak through timing

Resolution:

  • Investigate Mike's suggestion above
  • Continue with the bucketing solution with storage - if it works out propose it for the spec
  • HEIST continues to be a problem - should it be mitigated at on an API per API level, or opt-in via same-site cookies

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants