Early design review: Back/forward cache NotRestoredReasons API

[rubberyuzu]

Braw mornin' TAG!

I'm requesting a TAG review of Back/forward cache NotRestoredReasons API.

• Explainer¹ (minimally containing user needs and example code): Explainer
• User research: N/A
• Security and Privacy self-review²: Questionnaire
• GitHub repo (if you prefer feedback filed there): [GitHub Repo(https://github.com/rubberyuzu/bfcache-not-retored-reason)]
• Primary contacts (and their relationship to the specification):
  • Yuzu Saijo @rubberyuzu Google Chrome
• Organization/project driving the design: Google (BFCache team)
• External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): Chrome status

Further details:

• [✓] I have reviewed the TAG's Web Platform Design Principles
• The group where the incubation/design work on this is being done (or is intended to be done in the future): The explainer will stay in personal repo.
• The group where standardization of this work is intended to be done ("unknown" if not known): WHATWG
• Existing major pieces of multi-stakeholder review or discussion of this design:Navigation Timing API GitHub issue
• Major unresolved issues with or opposition to this design: Avoid browser specific reasons
• This work is being funded by: Google

We'd prefer the TAG provide feedback as : 🐛 open issues in our GitHub repo for each point of feedback

[torgo]

hi @rubberyuzu thanks for this. We're picking it up now and discussing in the context of other bfcache-related reviews. One thing that came to my attention: since this is telemetry there should probably be additional scrutiny about the privacy-related aspects of this proposal. You've indicated that there's a privacy & security section but I think we'd like to see more detail here.

From @cynthia : If there's an extension that modifies the website or runs any extra scripts on the website that will trigger a potential leak of some information about the user.

[rubberyuzu]

Thanks for the review! I added a more detailed explanation on security and privacy here: explainer

[cynthia]

Discussed in this week's breakouts. We've reviewed the updated explainer, and are happy to see this move forward. Thanks for bringing this to our attention.

Please don't forget about the potential risks of extension leakage in the actual implementation, as we believe that is an actual risk.