WICG / client-hints-infrastructure

Specification for the Client Hints infrastructure - privacy preserving proactive content negotiation
https://wicg.github.io/client-hints-infrastructure

Clarification on Accept-CH Lifetime #141

Closed nicjansma closed 1 year ago

nicjansma commented 1 year ago

Hi!

I wanted to make sure I understood the lifetime of Accept-CH across a browser session and/or restarts. There are a few different sets of documentation out there that touch on this a bit, but some contradict the others.

Ignoring other factors like ACCEPT_CH ALPS frames and <meta http-equiv="Accept-CH" ... HTML, how long does the Accept-CH browser header cache last?

The IETF draft appears to leave it up to the user agent (i.e. doesn't specify behavior).

Experimentally in Chrome Canary (112.0.5576.0), I find that Accept-CH persists through a browser session, but not after a browser restart. This matches documentation or mentions from Client Hint Reliability, developer.chrome.com and developer.mozilla.org.

This repo's documentation mentions Caching, but from a Vary POV and not a browser-session POV.

However, the Chromium Source Code contradicts the above and mentions:

Every subsequent request to an origin will contain those extra client hint request headers, as described in the HTTP Client Hints specification. This cache is cleared when session cookies are cleared, or when a user clears site data or cookies for a given origin.

and the Caching section:

This storage is marked as content_settings::SessionModel::Durable. This means that the client hint settings are read in from disk on browser start up and loaded into memory. Practically, this means that the client hint settings persist until the user clears site data or cookies for the origin.

The above statements do not seem to hold true in latest Canary though. Is that documentation out of date possibly?

My request would be to give clarity about browser header life-time, possibly in the Caching Considerations section alongside the Vary notes.

I'm happy to submit a PR if that's the case, but wanted to make sure I wasn't missing something in the behavior (or other documentation) first.

Thanks!

arichiv commented 1 year ago

It looks like the client hints cache should persist between browser sessions: https://source.chromium.org/chromium/chromium/src/+/main:components/content_settings/core/browser/website_settings_registry.cc;l=179;drc=f775d850d7f5beebd9308f5d02111d6069083b28;bpv=0;bpt=1

However the persistence of the cache is marked as lossy so there may be some chance it's not being written? Although I would assume all lossy caches are at least written on normal browser close.

It seems like that comment that "cache is cleared when session cookies are cleared" is false, as it should persist unless all cookies are cleared manually.

Can you detail how you tested the persistence?

@yoavweiss if I'm missing something

miketaylr commented 1 year ago

It seems like that comment that "cache is cleared when session cookies are cleared" is false, as it should persist unless all cookies are cleared manually.

Yeah, that should just say "cookies and other site data", right?

nicjansma commented 1 year ago

I was just using user-agent-client-hints.glitch.me for testing, i.e. asking for Sec-CH-UA-Platform-Version

Browser Restart Scenario:

  1. Nav to https://user-agent-client-hints.glitch.me/headers?uach=Sec-CH-UA-Platform-Version
    • Client requests with default hints, i.e. w/out Sec-CH-UA-Platform-Version
    • Server sends Accept-CH: Sec-CH-UA-Platform-Version
  2. Reload of the same page
    • Client requests with Sec-CH-UA-Platform-Version
    • Server sends Accept-CH: Sec-CH-UA-Platform-Version
  3. Close browser
  4. Open Browser
  5. Nav to https://user-agent-client-hints.glitch.me/headers?uach=Sec-CH-UA-Platform-Version
    • Client requests with default hints, i.e. w/out Sec-CH-UA-Platform-Version <-- this shows browser restarts don't persist Accept-CH
    • Server sends Accept-CH: Sec-CH-UA-Platform-Version
  6. Reload of the same page
    • Client requests with Sec-CH-UA-Platform-Version
    • Server sends Accept-CH: Sec-CH-UA-Platform-Version

miketaylr commented 1 year ago

Thanks @nicjansma - I filed https://bugs.chromium.org/p/chromium/issues/detail?id=1413216 to investigate.

arichiv commented 1 year ago

I'm not seeing this reproduce locally. If I load and refresh https://user-agent-client-hints.glitch.me/headers?uach=Sec-CH-UA-Platform-Version so that the hint is included it works. If I open a new window or tab and load the page the hint appears without needing a reload. If I close all tabs and windows and re-open the browser and load https://user-agent-client-hints.glitch.me/headers?uach=Sec-CH-UA-Platform-Version it's still there without a refresh.

Tanych commented 1 year ago

I'm also not seeing any unexpected behavior in the above scenarios. Another note is that you won't see client hints change in the first request header after you change the accept_ch list in the response header, because the client is unaware of the server's most recent preferences. All sub-requests will notice the accept_ch header changes. You can use critical_ch: if the corresponding client hints headers weren't sent in the original request, the user agent will retry the request along with the client hints headers rather than render the page.

nicjansma commented 1 year ago

Ok, I've done some additional testing:

So maybe this is just a Windows bug? I haven't tested Android yet either.

(I'm not using an In Private session or anything to test, just closing and re-opening a vanilla Canary browser).

Back to my main question though: If I'm understanding the comments above correctly, the intent is for Accept-CH hints to persist not only through the browsing session (which I think people generally understand to be until the browser closes), but across browser restarts as well, correct?

If so, then the documentation explaining hints ([1] [2], etc.) that talks about hint lifetimes persisting "for the browsing session" is accurate, but not complete, and could improve clarity by saying something like "for the browsing session and persisted (through browser restarts) until the site's data is cleared", or something.

i.e. MDN even says:

In other words, the request for a specific set of hints does not expire until the browser is shut down

Happy to file tickets or make these changes for those docsets to clarify, just making sure I understand the intent :)

Tanych commented 1 year ago

@nicjansma Initially client hints only persisted at the browsing-session level; however, starting from M103, we made client hints persist even across browser restarts. We probably need to clean up some documents to avoid the confusion.

context: https://bugs.chromium.org/p/chromium/issues/detail?id=1296339

I tested the latest Chrome Canary on Android and macOS:

I will try to verify any issues in Windows 11 as well.

Tanych commented 1 year ago

The latest canary should fix the persisted client hints issue on Windows.

nicjansma commented 1 year ago

@Tanych that's great! I'll follow up with trying to get those other docsets updated. I'll probably open a PR for this repo too to add that clarification in the explainer, if that's OK.
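
The lifetime semantics worked out in this thread, as an added example that is not part of the original discussion and is not Chromium code: a toy model of a per-origin Accept-CH cache covering the reload, restart, clear-site-data and Critical-CH retry cases. `HintCache`, its methods, the `durable` option and the sample servers are hypothetical names, and treating a new Accept-CH as replacing the stored set is an assumption of the model.

```javascript
// Toy model of the Accept-CH cache behaviour described in this thread.
// Not Chromium code: class, method and option names are hypothetical.
const DEFAULT_HINTS = ['Sec-CH-UA', 'Sec-CH-UA-Mobile', 'Sec-CH-UA-Platform']; // low-entropy defaults
const parseList = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

class HintCache {
  // durable=true models the M103+ behaviour (opt-in survives a restart);
  // durable=false models the earlier session-only behaviour.
  constructor({ durable }) {
    this.durable = durable;
    this.disk = new Map();   // origin -> [hint names], stands in for on-disk settings
    this.memory = new Map(); // origin -> [hint names], in-memory copy
  }
  restart() {
    this.memory = new Map(this.durable ? this.disk : []);
  }
  clearSiteData(origin) {
    this.memory.delete(origin);
    this.disk.delete(origin);
  }
  hintsFor(origin) {
    return [...DEFAULT_HINTS, ...(this.memory.get(origin) || [])];
  }
  // Navigate to origin; server(sentHints) returns lower-cased response headers.
  // Returns the hint names sent on each request made (two entries if retried).
  navigate(origin, server) {
    const attempts = [];
    for (let i = 0; i < 2; i++) {            // at most one Critical-CH retry
      const sent = this.hintsFor(origin);
      attempts.push(sent);
      const res = server(sent);
      if ('accept-ch' in res) {               // assumption: new list replaces the old
        const wanted = parseList(res['accept-ch']);
        this.memory.set(origin, wanted);
        if (this.durable) this.disk.set(origin, wanted);
      }
      const missing = parseList(res['critical-ch']).filter((h) => !sent.includes(h));
      if (missing.length === 0) break;        // nothing critical missing: render
    }
    return attempts;
  }
}

// Constructed sample servers: both opt in to one high-entropy hint.
const HINT = 'Sec-CH-UA-Platform-Version';
const plainServer = () => ({ 'accept-ch': HINT });
const criticalServer = () => ({ 'accept-ch': HINT, 'critical-ch': HINT });
```

With `durable: false` the model reproduces the restart scenario listed earlier in the thread (the hint is missing on the first navigation after a restart); with `durable: true` the hint is sent immediately after a restart and disappears only after `clearSiteData`.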