Open domenic opened 4 years ago
This is important, since (at least) Chrome will not allow document-initiated navigations to abort browser-UI-triggered navigations.
https://github.com/whatwg/html/issues/2414 is related
I might solve this at least partially in https://github.com/WICG/app-history/pull/63, although fully closing it would involve updating the Sec-Fetch-Site spec.
I guess it would impact how Sec-Fetch-Site
is defined? I suspect the primitive here is request's client being null, which has a number of issues in Fetch...
Sorry, yes, both the OP and my response say "Sec-Fetch-Dest" but the header in question is actually "Set-Fetch-Site". (I've edited both now.) Per https://w3c.github.io/webappsec-fetch-metadata/#directly-user-initiated it's currently defined in terms of HTML's
A user agent may provide various ways for the user to explicitly cause a browsing context to navigate, in addition to those defined in this specification.
which is also something app history wants to hook into.
The connection to null clients is quite interesting; it'd be good to straighten that out indeed... I'll give it a look.
It would be good to provide a more solid spec foundation for https://w3c.github.io/webappsec-fetch-metadata/#directly-user-initiated; perhaps most of that section should move into HTML, replacing the current vague phrase
Besides
Sec-Fetch-Site
, this also causes browsing context swaps---at least in Chromium---and getting that specified and tested would be good. (See #5350.)