Comments (4)
RIght, it's not an enforcer. We leave that up to the site author because there are so many enforcement options you might want.
Agree that PauseDocument is important for this proposal. However you have the alternative of unloading frames that grow too large and are of limited importance to the site.
In terms of ads and logging, don't forget the ad-network is also likely to want to track the creatives they show and which of them exceed limits and by how much.
from transfer-size.
I should note that, in my mind, this explainer is out of date. I'd like to shift to a TransferSizePolicy that automatically enforces limits by gradually throttling the network requests of the frame after the limit is exceeded. There would be no event at all. The primary reason for this change is to limit leakage of x-origin size information.
from transfer-size.
@jkarlin Could you expand on how you see gradual throttling working in practice? e.g origin foo.com exceeds a budget of 500KB and continues to request more resources. Would each subsequent request or set of requests simply be fetched slower? This model is much simpler than the one previously summarized here but I think it's still of high value and makes sense in the context of avoiding x-origin leakage of size data.
I'd love to learn more about the timelines for our plans here (given other types of policies have already started to land for feature policies V1).
from transfer-size.
Yes, the ongoing and subsequent requests would slow down a little bit, ramping down to 2G speeds (or perhaps less) after awhile. I'm afraid I haven't really thought about specifics. I worry about details like, what if you set the budget to 10KB, does it even make sense that it won't throttle down to 2G speeds until the frame is at (say) 1MB or more?
Timeline wise, I think we're more interested in using this as an intervention mechanism in Chrome, seeing how it works, and potentially exposing it via web api if we find it useful. So it'll be a bit down the road.
from transfer-size.
Related Issues (16)
- TAO opt-in: pros, cons, and implementation HOT 3
- Setting transfer size in the response header? HOT 2
- Report-only mode HOT 2
- CSS property for TSP? HOT 11
- Header vs attribute configuration HOT 1
- Specifying limits in iframe request headers
- Document resource-types supported in transfersize HOT 1
- transfer-size as a Feature-Policy? HOT 2
- Is this still active? HOT 2
- How do we do data accounting for ServiceWorker requests? HOT 12
- Accounting with encodedBodySize doesn't work with SDCH HOT 4
- Mitigating the cross-origin size leak if we don't use TAO opt-in
- Restrictions modified by browser config or platform flag? HOT 2
- Scenario: video playback HOT 25
- Request to rename Content Size Policy to Network Policy HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from transfer-size.