From 20dee83ae9da52daa6319d899d07e4f602d9b1c4 Mon Sep 17 00:00:00 2001 From: Jeremy Roman Date: Wed, 1 Nov 2023 21:55:32 -0400 Subject: [PATCH] Update links to URLPattern spec --- no-vary-search.md | 2 +- triggers.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/no-vary-search.md b/no-vary-search.md index 7121fb4..06e52ee 100644 --- a/no-vary-search.md +++ b/no-vary-search.md @@ -373,7 +373,7 @@ Even for applications that are not usually client-side rendered, such a pattern We think these use cases are best addressed by a future addition, similar to `No-Vary-Search` in spirit but different in details. We call this hypothetical future proposal `No-Vary-Path`. -In particular, splitting apart query and path handling makes sense because their in-practice semantics are very different. Although at some level both are opaque strings, in various parts of the HTTP ecosystem (e.g. server runtimes, CDNs, URL APIs, etc.) paths are treated as an ordered series of slash-delimited strings, and queries are treated as a usually-unordered multimap. So the syntax for specifying how a path would contribute to key calculation, versus a query, would likely be different. (Concretely, we suspect path handling would be based on [URL patterns](https://github.com/WICG/urlpattern), which are good for describing varying paths but bad for describing varying queries.) +In particular, splitting apart query and path handling makes sense because their in-practice semantics are very different. Although at some level both are opaque strings, in various parts of the HTTP ecosystem (e.g. server runtimes, CDNs, URL APIs, etc.) paths are treated as an ordered series of slash-delimited strings, and queries are treated as a usually-unordered multimap. So the syntax for specifying how a path would contribute to key calculation, versus a query, would likely be different. (Concretely, we suspect path handling would be based on [URL patterns](https://urlpattern.spec.whatwg.org/), which are good for describing varying paths but bad for describing varying queries.) The security considerations for `No-Vary-Path` _might_ be trickier than [those for `No-Vary-Search`](#security-and-privacy-considerations), given the existence of shared hosting environments that are sometimes sharded by path alone. Although path is not usually recognized as a security boundary on the web platform, some features like [service workers](https://w3c.github.io/ServiceWorker/#path-restriction) have decided to add some path-based restrictions, so if we explore `No-Vary-Path` we'll need to carefully study their discussions and conclusions. diff --git a/triggers.md b/triggers.md index fd01b09..546e202 100644 --- a/triggers.md +++ b/triggers.md @@ -498,5 +498,5 @@ Another alternative would be to introduce a `Script` header, given that we’re [resource-hints]: https://github.com/w3c/resource-hints [selector-match]: https://drafts.csswg.org/selectors-4/#match-a-selector-against-an-element [selectors]: https://drafts.csswg.org/selectors/ -[urlpattern]: https://github.com/WICG/urlpattern +[urlpattern]: https://urlpattern.spec.whatwg.org/ [webdriver]: https://github.com/w3c/webdriver