w3c / resource-timing

Resource Timing
https://w3c.github.io/resource-timing/

Should favicon loading times be exposed to the document? #299

Closed noamr closed 2 years ago

noamr commented 2 years ago

Favicon links do not trigger a link "onload", but they do trigger a resource timing entry when accessed. Are favicons a "resource", or some general hint to the browser? Does this expose any privacy issues, maybe "visited" type information?

yoavweiss commented 2 years ago

This recent blog post contains some examples of very large favicons. Notable examples are Discord at 280KB and another at 7MB. Not reporting them would mean that this is a problem developers cannot know about, and hence are unlikely to fix.

/ht @clelland

noamr commented 2 years ago

I checked the WebKit implementation; it does indeed have some special handling of favicons, but mostly after the icon is loaded. The icon is fetched in the normal way, and also FETCH mentions favicons as having an "image" destination in terms of CSP.

So maybe it's ok to keep this behavior, but decide on the initiator type (should be link I believe), and add a WPT that shows that favicons don't expose visited info.

yoavweiss commented 2 years ago

Keeping the behavior (and properly specifying/testing it, with a link initiator type) SGTM
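
The point raised in the thread, that favicon fetches show up as resource timing entries and so let developers notice oversized icons, as an added example that is not code from the issue or from the Resource Timing spec. The `auditFavicons` helper, the sample entries and the 100 KiB budget are assumptions made for illustration.

```javascript
// Added example: flag favicon fetches found in Resource Timing data.
// `entries`: PerformanceResourceTiming-like objects; `iconUrls`: absolute icon URLs.
function auditFavicons(entries, iconUrls, maxBytes) {
  const icons = new Set(iconUrls);
  return entries
    .filter((e) => icons.has(e.name))
    .map((e) => ({
      url: e.name,
      // Reported as observed; the thread proposes "link" but has not specified it yet.
      initiatorType: e.initiatorType,
      bytes: e.encodedBodySize,
      // 0 can mean the browser withheld the size for a cross-origin response,
      // not that the icon is empty.
      sizeKnown: e.encodedBodySize > 0,
      oversized: e.encodedBodySize > maxBytes,
      durationMs: Math.round(e.duration),
    }));
}

// Constructed sample entries (not measurements from any real site).
const SAMPLE_ENTRIES = [
  { name: "https://app.example/static/icon.png", initiatorType: "link",
    encodedBodySize: 286720, duration: 412.6 },
  { name: "https://app.example/static/app.js", initiatorType: "script",
    encodedBodySize: 51200, duration: 88.1 },
  { name: "https://cdn.example/favicon.ico", initiatorType: "other",
    encodedBodySize: 0, duration: 35.2 },
];
const SAMPLE_ICONS = [
  "https://app.example/static/icon.png",
  "https://cdn.example/favicon.ico",
];
const MAX_ICON_BYTES = 100 * 1024; // assumed size budget

function sampleReport() {
  return auditFavicons(SAMPLE_ENTRIES, SAMPLE_ICONS, MAX_ICON_BYTES);
}

if (typeof document !== "undefined") {
  // In a page: take the icon URLs from the document's own <link rel="icon"> elements.
  const urls = [...document.querySelectorAll('link[rel~="icon"]')].map((l) => l.href);
  console.table(auditFavicons(performance.getEntriesByType("resource"), urls, MAX_ICON_BYTES));
} else {
  console.log(sampleReport());
}
```

The report only covers icons declared with a `<link>` element; an implicit `/favicon.ico` request would need its URL added to the list by hand.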