privacycg/storage-access-headers

Issues

• Network roundtrips doubled for API requests

  #6 opened 9 months ago by petipp
  9

• The "Sec-" prefix is unnecessary

  #17 opened a month ago by sjledoux
  5

• Headers may limit possible Storage Access API policies

  #18 opened a month ago by sjledoux
  2

• Document security caveats of setting the `Activate-Storage-Access: retry` header

  #7 opened 3 months ago by arturjanc
  10

• Clarify: why is `load` required in addition to `retry`?

  #16 opened 3 months ago by drmercer-lucid
  4

• Consider restricting leakier no-cors requests to not use these headers

  #8 opened 3 months ago by bvandersloot-mozilla
  4

• Sending `Sec-Fetch-Storage-Access: none` on every cross-origin request seems wasteful

  #15 opened 3 months ago by ricea
  5

• Already cached responses should not initiate another inactive-retry-active flow

  #9 opened 4 months ago by dominikschreiber
  1

• Clarify `retry` semantics w.r.t. HTTP auth and redirects

  #12 opened 6 months ago by cfredric
  0

• An inactive-retry-active flow should be transparent for the embedder

  #10 opened 7 months ago by dominikschreiber
  0

• Alternative design: Consider integrating with CORS and HTML and Fetch

  #3 opened 7 months ago by bvandersloot-mozilla
  25

• Consider interaction with Storage partitioning

  #1 opened a year ago by bvandersloot-mozilla
  2

• Document a [non-iframe] embedded resource flow

  #4 opened 10 months ago by myok12
  1

• Clarify top-level resource usage

  #2 opened a year ago by bvandersloot-mozilla
  6