From 4e1d063a577bc776f9784c24b47ce9d3ea4f5074 Mon Sep 17 00:00:00 2001 From: Yifan Luo Date: Thu, 9 Nov 2023 14:21:08 +0100 Subject: [PATCH 1/4] add public IPAddressSpace --- index.src.html | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/index.src.html b/index.src.html index 846ccb9..c1b78d0 100644 --- a/index.src.html +++ b/index.src.html @@ -527,7 +527,7 @@

Private Network Request

a change is not deemed worth the payoff for now. This can be shipped as an incremental improvement later on. - NOTE: Some [=local network requests=] are more challenging to secure than + NOTE: Some [=private network requests=] are more challenging to secure than others. See [[#rollout-difficulties]] for more details.

Additional CORS Headers

@@ -918,14 +918,17 @@

Fetching

"`Private-Network-Access-ID`" and |response|'s [=response/header list=]. - 1. if |targetId| is invalid, return a [=network error=]. + 1. if |targetId| does not a string of 6 hexadecimal bytes + separated by colons, return a [=network error=]. 1. Let |targetName| be the result of [=extracting header list values=] given "`Private-Network-Access-Name`" and |response|'s [=response/header list=]. - 1. if |targetName| is invalid, return a [=network error=]. + 1. if |targetName| does not match the [ECMAScript] regexp + /^[a-z0-9_-.]+$/ or has more than 248 UTF-8 code units, + return a [=network error=]. 1. Let |state| be the result of [=requesting permission to use=] the following descriptor: @@ -980,6 +983,10 @@

Fetch API

|request|'s [=request/client=] is a [=secure context=], then switch on |init|["{{RequestInit/targetAddressSpace}}"]:
+
public +
Set |request|'s [=target IP address space=] to [=IP address + space/public=] +
private
Set |request|'s [=target IP address space=] to [=IP address space/private=] From 0d95ff9810b27c724c9df4bb8db9b9f9cced4faf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luo=20Yifan=EF=BC=88=E7=BD=97=E4=B8=80=E5=87=A1=EF=BC=89?= Date: Thu, 9 Nov 2023 16:43:06 +0100 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: Jonathan Hao --- index.src.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.src.html b/index.src.html index c1b78d0..a2721dc 100644 --- a/index.src.html +++ b/index.src.html @@ -918,7 +918,7 @@

Fetching

"`Private-Network-Access-ID`" and |response|'s [=response/header list=]. - 1. if |targetId| does not a string of 6 hexadecimal bytes + 1. if |targetId| is not a string of 6 hexadecimal bytes separated by colons, return a [=network error=]. 1. Let |targetName| be the result of [=extracting header list @@ -989,7 +989,7 @@

Fetch API

private
Set |request|'s [=target IP address space=] to [=IP address - space/private=] + space/private=].
local
Set |request|'s [=target IP address space=] to [=IP address From 5c65f08a2f4eac05bbefb7b65c6b3d69a9f4a41c Mon Sep 17 00:00:00 2001 From: Yifan Luo Date: Thu, 9 Nov 2023 17:05:25 +0100 Subject: [PATCH 3/4] Fetch API --- index.src.html | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/index.src.html b/index.src.html index a2721dc..158ed99 100644 --- a/index.src.html +++ b/index.src.html @@ -339,6 +339,11 @@

Framework

IP Address Space

+ Define {{IPAddressSpace}} as follows: + 
+    enum IPAddressSpace { "public","private", "local" };
+
+ Every IP address belongs to an IP address space, which can be one of three different values: @@ -963,10 +968,6 @@

Fetch API

The Fetch API needs to be adjusted as well. - - Define {{IPAddressSpace}} as follows. - 
-        enum IPAddressSpace { "public","private", "local" };
-
- Append an optional [=map/entry=] to {{RequestInfo}}, whose [=map/key=] is targetAddressSpace, and [=map/value=] is a {{IPAddressSpace}}. @@ -975,17 +976,25 @@

Fetch API

IPAddressSpace targetAddressSpace; }; + + - Define a new {=targetAddressSpace=} representing the + above in [=request=]. + 
+        partial interface Request {
+          readonly attribute IPAddressSpace targetAddressSpace;
+        };
+
+ - The new Request(input, |init|) is appended with the following step right before setting [=this=]'s [=request=] to |request|: - 1. If |init|["{{RequestInit/targetAddressSpace}}"] [=map/exists=], and - |request|'s [=request/client=] is a [=secure context=], then switch on - |init|["{{RequestInit/targetAddressSpace}}"]: + 1. If |init|["{{RequestInit/targetAddressSpace}}"] [=map/exists=], then + switch on |init|["{{RequestInit/targetAddressSpace}}"]:
public -
Set |request|'s [=target IP address space=] to [=IP address - space/public=] +
Ignore it and keep |request|'s [=target IP address space=] as + null.
private
Set |request|'s [=target IP address space=] to [=IP address @@ -993,7 +1002,7 @@

Fetch API

local
Set |request|'s [=target IP address space=] to [=IP address - space/local=] + space/local=].

Forbidden header names

From da3866e136f7a2de867c9c74bebb05720b18c10b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luo=20Yifan=EF=BC=88=E7=BD=97=E4=B8=80=E5=87=A1=EF=BC=89?= Date: Fri, 10 Nov 2023 12:03:04 +0100 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Jonathan Hao --- index.src.html | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/index.src.html b/index.src.html index 158ed99..b78bab5 100644 --- a/index.src.html +++ b/index.src.html @@ -341,7 +341,7 @@

IP Address Space

Define {{IPAddressSpace}} as follows: 
-    enum IPAddressSpace { "public","private", "local" };
+    enum IPAddressSpace { "public", "private", "local" };
Every IP address belongs to an @@ -993,8 +993,7 @@

Fetch API

switch on |init|["{{RequestInit/targetAddressSpace}}"]:
public -
Ignore it and keep |request|'s [=target IP address space=] as - null. +
Do nothing.
private
Set |request|'s [=target IP address space=] to [=IP address