WICG / soft-navigations

Heuristics to detect Single Page Apps soft navigations
https://wicg.github.io/soft-navigations/

Address Security / Privacy issues #9

Closed rowan-m closed 1 year ago

rowan-m commented 1 year ago

It would be helpful to have a section on any security and privacy issues considered in this. I don't see a mention here or on https://github.com/w3c/performance-timeline

The initial thing I'm unclear on is if clearing storage also clears navigations? Asking as an SPA clearly does blur the boundary (as the proposal highlights!) on a navigation and I'm unsure about what state would persist there.

yoavweiss commented 1 year ago

Thanks for filing this!! This made me think deeply about the information exposed, add tests that verify there isn't anything unpredictable and document it all. I'll push a PR shortly.

> The initial thing I'm unclear on is if clearing storage also clears navigations?

This is not something we've considered. Soft navigations still maintain the same window element with all its (ephemeral) state, so it's unclear to me how clearing storage is related to soft navigations.

yoavweiss commented 1 year ago

https://github.com/WICG/soft-navigations#privacy-and-security-considerations now contains what I had in mind on information this proposal exposes and mitigations.

rowan-m commented 1 year ago

Super helpful, thank you!