forked from WICG/webpackage
-
Notifications
You must be signed in to change notification settings - Fork 0
/
loading.bs
1915 lines (1605 loc) · 86.8 KB
/
loading.bs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<pre class='metadata'>
Title: Loading Signed Exchanges
Shortname: web-package-loading
Level: none
Status: CG-DRAFT
Group: WICG
Repository: WICG/webpackage
URL: https://wicg.github.io/webpackage/loading.html
Editor: Jeffrey Yasskin, Google Inc. https://google.com/, [email protected], w3cid 72192
Abstract: How UAs load signed exchanges.
Complain About: accidental-2119 yes, missing-example-ids yes
Markup Shorthands: markdown yes, css no
Assume Explicit For: yes
</pre>
<pre class='biblio'>
{
"draft-ietf-httpbis-variants": {
"authors": [
"Mark Nottingham"
],
"href": "https://httpwg.org/http-extensions/draft-ietf-httpbis-variants.html",
"title": "HTTP Representation Variants",
"status": "WD",
"publisher": "IETF"
},
"draft-thomson-http-mice": {
"authors": [
"Martin Thomson"
],
"href": "https://tools.ietf.org/html/draft-thomson-http-mice-03",
"title": "Merkle Integrity Content Encoding",
"status": "ED",
"publisher": "IETF"
},
"draft-yasskin-http-origin-signed-responses": {
"authors": [
"Jeffrey Yasskin"
],
"href": "https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html",
"title": "Signed HTTP Exchanges",
"status": "ED",
"publisher": "IETF"
},
"draft-yasskin-httpbis-origin-signed-exchanges-impl-02": {
"authors": [
"Jeffrey Yasskin",
"Kouhei Ueno"
],
"href": "https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl-02",
"title": "Signed HTTP Exchanges Implementation Checkpoints",
"status": "ED",
"publisher": "IETF"
},
"draft-yasskin-httpbis-origin-signed-exchanges-impl-03": {
"authors": [
"Jeffrey Yasskin",
"Kouhei Ueno"
],
"href": "https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl-03",
"title": "Signed HTTP Exchanges Implementation Checkpoints",
"status": "ED",
"publisher": "IETF"
},
"draft-ietf-wpack-bundled-responses": {
"authors": [
"Jeffrey Yasskin"
],
"href": "https://wpack-wg.github.io/bundled-responses/draft-ietf-wpack-bundled-responses.html",
"title": "Web Bundles",
"status": "ED",
"publisher": "IETF"
},
"http-dig-alg": {
"href": "https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml",
"title": "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values",
"status": "LS",
"publisher": "IANA"
},
"RFC8446": {
"authors": [
"E. Rescorla"
],
"href": "https://tools.ietf.org/html/draft-ietf-tls-tls13",
"title": "The Transport Layer Security (TLS) Protocol Version 1.3",
"status": "WD",
"publisher": "IETF"
},
"SHA2": {
"href": "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"title": "FIPS PUB 180-4, Secure Hash Standard"
}
}
</pre>
<pre class='anchors'>
spec: app-manifest; urlPrefix: https://w3c.github.io/manifest/#
text: start URL; type: dfn; url: dfn-start-
spec: RFC3230; urlPrefix: https://tools.ietf.org/html/rfc3230#
type: http-header
text: Digest; url: section-4.3.2
spec: RFC5280; urlPrefix: https://tools.ietf.org/html/rfc5280#
type: dfn
text: AlgorithmIdentifier; url: section-4.1.1.2
text: Subject Public Key Info; url: section-4.1.2.7
text: Certificate Extensions; url: section-4.2
spec: RFC5480; urlPrefix: https://tools.ietf.org/html/rfc5480#
type: dfn
text: id-ecPublicKey; url: section-2.1.1
text: secp256r1; url: section-2.1.1.1
spec: RFC6960; urlPrefix: https://tools.ietf.org/html/rfc6960#
text: OCSPResponse; type: dfn; url: section-4.2.1
spec: RFC6962; urlPrefix: https://tools.ietf.org/html/rfc6962#
text: SignedCertificateTimestampList; type: dfn; url: section-3.3
spec: RFC9162; urlPrefix: https://tools.ietf.org/html/rfc9162#
text: TransItemList; type: dfn; url: section-6.3
spec: RFC7231; urlPrefix: https://tools.ietf.org/html/rfc7231#
type: dfn
text: HTTP media type; url: section-3.1.1.1
text: Vary; url: section-7.1.4
type: http-header
text: Date; url: section-7.1.1.2
spec: RFC7230; urlPrefix: https://tools.ietf.org/html/rfc7230#
type: dfn
text: field-name; for: http; url: section-3.2
type: grammar
text: quoted-string; url: section-3.2.6
text: token; url: section-3.2.6
spec: RFC8288; urlPrefix: https://tools.ietf.org/html/rfc8288#
type: dfn
text: Target Attribute; url: section-2.2
text: Link Target; url: section-3.1
text: Link Context; url: section-3.2
text: Relation Type; url: section-3.3
text: Serialisation-Defined Target Attribute; url: section-3.4
text: Parsing a Link Field Value; url: appendix-B.2
type: http-header
text: Link; url: section-3
spec: RFC8446; urlPrefix: https://tools.ietf.org/html/draft-ietf-tls-tls13-28#
text: ecdsa_secp256r1_sha256; type: dfn; url: section-4.2.3
spec: draft-ietf-httpbis-variants; urlPrefix: https://httpwg.org/http-extensions/draft-ietf-httpbis-variants.html#
type: dfn
text: Variants cache behavior; url: cache
type: http-header
text: Variant-Key; url: variant-key
text: Variants; url: variants
spec: draft-thomson-http-mice; urlPrefix: https://tools.ietf.org/html/draft-thomson-http-mice-03#
type: dfn
text: mi-sha256 parameter; url: section-3.1
text: integrity proof for the first record; url: section-2.2
spec: draft-ietf-wpack-bundled-responses; urlPrefix: https://wpack-wg.github.io/bundled-responses/draft-ietf-wpack-bundled-responses.html#
type: dfn
text: parsing a CBOR item; url: parse-known-length
spec: draft-yasskin-http-origin-signed-responses; urlPrefix: https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#
type: dfn
text: off-path attackers; url: seccons-off-path
text: uncached response header; url: uncached-headers
spec: draft-yasskin-httpbis-origin-signed-exchanges-impl-02; urlPrefix: https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl-02#
type: dfn
text: canonically-encoded CBOR; url: section-3.4
text: CanSignHttpExchanges; url: section-4.2
text: cert-chain CDDL; url: section-3.3
spec: draft-ietf-httpbis-header-structure; urlPrefix: https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-07#
text: Parsing HTTP1 Header Fields into Structured Headers; type: dfn; url: section-4.2
spec: http-dig-alg; urlPrefix: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml#
type: dfn; text: Digest algorithm; url: http-dig-alg-1
spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
type: attr-value;
for: link/rel; text: alternate; url: links.html#rel-alternate
for: link/rel; text: prefetch; url: links.html#link-type-prefetch
for: link/rel; text: preload; url: links.html#link-type-preload
type: element-attr;
for: link; text: crossorigin; url: semantics.html#attr-link-crossorigin
for: link; text: href; url: semantics.html#attr-link-href
type: dfn;
text: Anonymous; url: urls-and-fetching.html#attr-crossorigin-anonymous
text: CORS settings attribute; url: urls-and-fetching.html#cors-settings-attribute
text: creating a potential-cors request; url: urls-and-fetching.html#create-a-potential-cors-request
text: fetch and process the linked resource; url: semantics.html#fetch-and-process-the-linked-resource
text: linked resource fetch setup steps; url: semantics.html#linked-resource-fetch-setup-steps
text: navigation params; url: browsing-the-web.html#navigation-params
text: process the linked resource; url: semantics.html#process-the-linked-resource
text: response; for: navigation params; url: browsing-the-web.html#navigation-params-response
text: selecting an image source; url: images.html#select-an-image-source
text: Use Credentials; url: urls-and-fetching.html#attr-crossorigin-use-credentials
text: Page load processing model for HTML files; url: browsing-the-web.html#read-html
spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
type: dfn
text: SHA-256; url: #
spec: CSS2; urlPrefix: https://drafts.csswg.org/css2/
type: dfn
text: viewport; url: #viewport
</pre>
<pre class='link-defaults'>
spec:fetch; type:dfn; for:/; text:response
spec:streams; type:interface; text:ReadableStream
spec:html; type:element; text:link
</pre>
<section class="non-normative">
# Introduction # {#intro}
<em>This section is non-normative.</em>
The Signed Exchanges specification
[[draft-yasskin-http-origin-signed-responses]] describes a way to provide one or
more signatures for an HTTP exchange and to check whether any of those
signatures is trusted as authoritative for a particular origin. This
specification describes how web browsers load those exchanges. It is expressed
as several monkeypatches to the [[FETCH]] specification which call algorithms
defined here.
## Overview ## {#overview}
When fetching a resource (`https://distributor.example.org/foo.sxg`) with the
`application/signed-exchange` [=MIME type=], the UA parses it, checks its
signatures, and then if all is well, redirects to its request URL
(`https://publisher.example.org/foo`) with a "stashed" exchange attached to the
request. The redirect applies all the usual processing, and then when it would
normally check for an HTTP cache hit, it also checks whether the stashed request
matches the redirected request and which of the stashed exchange or HTTP cache
contents is newer. If the stashed exchange matches and is newer, the UA returns
the stashed response.
A Service Worker for `https://distributor.example.org/` gets to handle the
original request. A Service Worker for `https://publisher.example.org/` can then
handle the redirect. If it needs to know that signed exchange content is
available for the request it's handling, it has two options:
1. If {{ServiceWorkerRegistration/navigationPreload}} is enabled, the signed
response will be available in the {{FetchEvent}}'s
{{FetchEvent/preloadResponse}}. Note that this will also cause a network
request for requests that aren't served from a signed exchange.
1. {{Request/clone()}} the {{FetchEvent/request}} and set its {{Request/cache}}
to {{RequestCache/"only-if-cached"}}, to retrieve the matching response from
either the signed exchange or the HTTP cache. Note that
{{WindowOrWorkerGlobalScope/fetch()}}ing a *new* {{Request}} with the same
{{Request/url}} will *not* retrieve the response from the signed exchange.
## Other interesting details ## {#details}
* Like with `<link rel="prefetch">` and `<link rel="preload">`, the UA will use
the stashed response even if its HTTP cache headers have expired. This makes
it easier to specify that the contents of the signed exchange don't wind up
in the HTTP cache before our security reviewers have gotten comfortable with
that idea. The publisher can still control resource expiration by setting
the Signature header's [=exchange signature/expiration time=] to the cache
expiration time if that's sooner than they'd otherwise have the signature
expire.
</section>
# Fetch monkeypatches # {#monkeypatches}
When fetching a signed exchange, the UA needs to look for a trusted and valid
signature and then redirect to the contained resource. We don't put the
contained resource in the HTTP cache, so redirects get a new field to store it.
## A request's stashed exchange ## {#mp-request-stashed-exchange}
A [=request=] has an associated <dfn for="request">stashed exchange</dfn>, which
is null or an [=exchange=].
<h3 algorithm id="mp-request-clone">Request clone</h3>
Rewrite [=request/clone|clone a request=] to run these steps:
<ol>
<li>Let |newRequest| be a copy of |request|, except for its [=request/body=]
<ins>and [=request/stashed exchange=]</ins>.
<li>If |request|'s [=request/body=] is non-null, set |newRequest|'s
[=request/body=] to the result of [=body/cloning=] |request|'s
[=request/body=].
<li><ins>If |request|'s [=request/stashed exchange=] is non-null, set
|newRequest|'s [=request/stashed exchange=] to an exchange whose
[=exchange/request URL=] is a copy of |request|'s [=request/stashed
exchange=]'s [=exchange/request URL=] and whose [=exchange/response=] is the
[=response/clone=] of |request|'s [=request/stashed exchange=]'s
[=exchange/response=].</ins>
<li>Return |newRequest|.
</ol>
## New response fields ## {#mp-response}
A [=response=] has an associated <dfn for="response" lt="came from a signed
exchange|did not come from a signed exchange">came from a signed exchange</dfn>
boolean. Unless stated otherwise, it is false.
A [=response=] has an associated <dfn for="response">signed exchange outer
header list</dfn> (a [=header list=]). Unless stated otherwise it is empty.
A [=response=] has an associated <dfn for="response">header integrity
value</dfn>, either null or, for responses that [=response/came from a signed
exchange=], a [=byte sequence=] holding the [=SHA-256=] hash that verified the
[=exchange/response=]'s [=response/header list=]. Unless stated otherwise, it is
null.
Note: The [=response/header integrity value=] doesn’t change even if the
publisher signs the content again or changes the signing key, but it does change
if any of the headers or body change. (It catches changes to the body because a
valid signed exchange's headers have to include a `Digest` value that covers the
body.)
<h3 algorithm id="mp-response-date">Response date</h3>
A [=response=] |response|'s <dfn for="response">date</dfn> is the result of:
1. Let |date| be the result of [=extracting header list values=] given `` `Date`
`` and |response|'s [=response/header list=].
1. If |date| is a failure, return the point in time of the beginning of the
universe.
1. Return the point in time represented by |date|, as interpreted for the <a
http-header>Date</a> header field.
<h3 algorithm id="mp-http-fetch">Monkeypatch HTTP fetch</h3>
In [=HTTP fetch=], before
> 5. If |actualResponse|’s [=response/status=] is a [=redirect status=], then:
> ...
add the following steps:
5. If the [=signed exchange version=] of |actualResponse| is:
<dl class="switch">
: undefined
:: Do nothing.
: `"b2"` or `"b3"`
::
1. Let |report| be the result of [=create a new signed exchange report=]
with |request| and |actualResponse|.
1. Let |parsedExchange| be the result of [=parsing a signed
exchange=] of version `b2` or `b3`, respectively, from
|actualResponse| in the context of |request|'s [=request/client=],
reporting to |report|.
1. If |parsedExchange| is not an [=exchange=], run
[=queue a signed exchange report=] |report| with
|parsedExchange| as the result, and return a [=network error=].
1. [=In parallel=], [=wait and queue a report for=] |parsedExchange| and
|report|.
1. Set |actualResponse|'s [=status=] to `303`.
1. [=header list/Set=] |actualResponse|'s `` `Location` `` header to
the [=ASCII encoding=] of the [=URL serializer|serialization=]
of |parsedExchange|'s [=exchange/request URL=].
1. Set |request|'s [=request/stashed exchange=] to |parsedExchange|.
: Anything else
::
1. Let |fallbackUrlBytes| be the result of [=extracting the fallback
URL=] from |actualResponse|.
1. If |fallbackUrlBytes| is a failure, return a [=network error=].
1. Set |actualResponse|'s [=status=] to `303`.
1. [=header list/Set=] |actualResponse|'s `` `Location` `` header to
|fallbackUrlBytes|.
</dl>
Note: The final [[draft-yasskin-http-origin-signed-responses]] will use a
version of `` `1` ``, but this specification tracks what's actually
implemented in browsers, which still uses draft versions.
<h3 algorithm id="mp-http-network-or-cache-fetch">Monkeypatch HTTP-network-or-cache fetch</h3>
In <a spec="fetch">HTTP-network-or-cache fetch</a>, after
> 5.19. If |httpRequest|’s [=request/cache mode=] is neither "`no-store`" nor
> "`reload`", then: ...
add the following steps:
20. If |httpRequest|'s [=request/stashed exchange=] isn't null:
1. Let |stashedExchange| be |httpRequest|'s [=request/stashed exchange=].
1. If
* |httpRequest| [=matches the stored exchange=] |stashedExchange| and
* |response| is null or |response|'s [=response/date=] is earlier than
|httpRequest|'s [=request/stashed exchange=]'s
[=exchange/response=]'s [=response/date=]
then set |response| to |httpRequest|'s [=request/stashed exchange=]'s
[=exchange/response=].
1. If |response| is null and |httpRequest|'s [=request/initiator=] is
"`prefetch`" or "`preload`", return a [=network error=].
Note: This ensures that prefetching a signed exchange from one origin
won't accidentally do a network request from another origin, which could
[compromise the user's
privacy](https://wicg.github.io/webpackage/draft-yasskin-wpack-use-cases.html#private-prefetch).
Note: Applying the signed exchange's response here has the effect of letting a
newer HTTP cache entry override a signed exchange's content, and of not storing
the signed exchange's response in the HTTP cache.
# Subresource substitution # {#subresource-substitution}
When prenavigating to a page held in a signed exchange, it can be useful to
also prefetch subresources of that page as signed exchanges from the same
server. To identify those transitive prefetchable resources, this section
introduces an extension to the HTTP <a http-header>Link</a> header.
<div class="example" id="example-alternate-signed-exchange-link">
The following is an example HTTP response for
`https://feed.example/sxg.publisher.example/page.html.wbn` showing the right
Link headers to let a browser prefetch subresources.
```http
Content-Type: application/signed-exchange;v=b3
Link: <https://feed.example/sxg.publisher.example/lib.js.sxg>;
rel="alternate";
type="application/signed-exchange";
anchor="https://cdn.publisher.example/lib.js"
A signed exchange, whose request URL is https://sxg.publisher.example/page.html:
Content-Type: text/html
Link: <https://cdn.publisher.example/lib.js>;
rel="preload";
as="script"
Link: <https://cdn.publisher.example/lib.js>;
rel="allowed-alt-sxg";
header-integrity="sha256-XXXXXX"
<html>
<head>
<script src="https://cdn.publisher.example/lib.js"></script>
</head>
...
</html>
```
If another page includes a `<link rel="prefetch"
href="https://feed.example/sxg.publisher.example/page.html.wbn">`, the above
response allows it to transitively prefetch a signed exchange that it can use to
satisfy the `https://cdn.publisher.example/lib.js` `<script>` element.
</div>
* Link type "<dfn attr-value for="link/rel">allowed-alt-sxg</dfn>"
The <{link/rel/allowed-alt-sxg}> keyword may be used in the HTTP <a
http-header>Link</a> header of the inner HTTP response of the main resource
signed exchange to indicate that the content of the [=Link Target=] is also
available as a particular signed exchange identified by the
<{link/header-integrity}> parameter. The <dfn element-attr
for="link">header-integrity</dfn> parameter holds the value of the
[=response/header integrity value=] of the [=alternate signed exchange=],
encoded as a [[CSP]] <a grammar>hash-source</a>.
* An <dfn>alternate signed exchange link</dfn> is a <a http-header>Link</a>
header sent with a signed exchange |S|, with the <{link/rel/alternate}> link
type, the `type` parameter set to `application/signed-exchange`, and a
[=Link Context=] (an `anchor` parameter). The [=Link Context=] MUST be the
[=Link Target=] of a <{link/rel/preload}> <a http-header>Link</a> header
inside the signed content of |S|, and the [=alternate signed exchange link=]
means that this resource can also be found inside the <dfn
dfn-type=dfn>alternate signed exchange</dfn> at the [=Link Target=] of the
[=alternate signed exchange link=].
* New [=serialisation-defined Target Attributes=] on the <a http-header>Link</a>
header.
* The <dfn element-attr for="link">variants</dfn> target attribute has the
same values as the <a http-header>Variants</a> Header Field. There MUST
NOT be more than one <{link/variants}> attribute in a link-value;
occurrences after the first MUST be ignored by parsers. It is serialized
to an HTTP link-param by first encoding as if it were a <a
http-header>Variants</a> Header Field value, and then if there are
characters that don't match the <a grammar>token</a> production,
encoding as a <a grammar>quoted-string</a>.
This parameter is used in <{link/rel/allowed-alt-sxg}> links and
[=alternate signed exchange links=] to indicate what representations are
available for the resource at the time that the response is produced.
* The <dfn element-attr for="link">variant-key</dfn> target attribute has
the same values as the <a http-header>Variant-Key</a> Header Field.
There MUST NOT be more than one <{link/variant-key}> attribute in a
link-value; occurrences after the first MUST be ignored by parsers. It
is serialized to an HTTP link-param by first encoding as if it were a <a
http-header>Variant-Key</a> Header Field value, and then if there are
characters that don't match the <a grammar>token</a> production,
encoding as a <a grammar>quoted-string</a>.
This parameter is used in <{link/rel/allowed-alt-sxg}> links and
[=alternate signed exchange links=] to indicate one or more sets of
available-values that identify the representation of the resource.
<h3 algorithm id="mp-document">New Document fields</h3>
At the end of
[the Document object](https://html.spec.whatwg.org/multipage/dom.html#the-document-object)
section, add the following lines:
<blockquote dfn-for="Document">
The {{Document}} has a map of <dfn dfn>prefetched signed exchanges for
navigation</dfn>, which is a [=map=] of [=URLs=] to [=exchanges=], initially
empty. <span class="note">This might merge with the set of prefetched resources
when <{link/rel/prefetch}> is specified more completely.</span>
The {{Document}} has a set of <dfn dfn>prefetched
subresource signed exchanges</dfn>, which is a set of [=exchanges=], initially
empty.
</blockquote>
<h3 algorithm id="mp-navigation-params">New navigation params struct field</h3>
In the [=navigation params=] struct, add the following items:
<dl dfn-for="navigation params">
: <dfn>prefetched subresource signed exchanges</dfn>
:: A set of [=exchanges=], empty unless specified otherwise.
</dl>
<h3 algorithm id="mp-link-type-prefetch">Monkeypatch Link type "prefetch"</h3>
Note: To prefetch the [=alternate signed exchanges=] when the UA receives a
prefetched main resource signed exchange, this section monkeypatches Link type
"<{link/rel/prefetch}>". This algorithm gets all the [=alternate signed exchange
links=] from the outer response, checks if they are allowed by the inner
response's <{link/rel/allowed-alt-sxg}> links, and if they are, associates them
with the inner response's <{link/rel/preload}> links.
Issue(w3c/resource-hints#77): Currently the behavior of recursive prefetch is
not specified. This section monkeypatches Link type "<{link/rel/prefetch}>" to
add support only for the [=alternate signed exchanges=] subresources. When we
change the HTML spec to support general recursive prefetching, this section
needs to align with that change.
To [=process the linked resource|process this type of linked resource=]
("<{link/rel/prefetch}>"), given a link element |el|, boolean |success|, and
[=response=] |response|:
1. If |success| is true, [=fire an event=] named {{HTMLElement/load}} at |el|.
1. Otherwise, [=fire an event=] named {{HTMLElement/error}} at |el|.
1. If |success| is false, then return.
1. If the |response| [=response/did not come from a signed exchange=], then
return.
1. Let |requestUrl| be the first item of |response|'s [=response/URL list=].
1. Let |clonedExchange| be the result of creating a new [=exchange=] with
|requestUrl| and the result of [=response/cloning=] |response|.
1. Let |prefetchedSignedExchanges| be |el|'s [=Node/node document=]'s
[=Document/prefetched signed exchanges for navigation=].
1. [=map/Set=] |prefetchedSignedExchanges|[|requestUrl|] to |clonedExchange|.
1. Let |outerLinkHeader| be the result of [=header list/getting=] `` `Link` ``
from |response|'s [=response/signed exchange outer header list=].
1. If |outerLinkHeader| is null, then return.
1. Let |outerLinks| be the result of [=Parsing a Link Field Value=] from
|outerLinkHeader|.
1. If |outerLinks| is empty, then return.
1. Let |innerLinkHeader| be the result of [=header list/getting=] `` `Link` ``
from |response|'s [=response/header list=].
1. If |innerLinkHeader| is null, then return.
1. Let |innerLinks| be the result of [=Parsing a Link Field Value=] from
|innerLinkHeader|.
1. If |innerLinks| is empty, then return.
1. Let |alternateLinks| be the result of [=getting alternate signed exchange
link info=] from |outerLinks|.
1. Let |allowedSxgLinks| be the result of [=getting allowed signed exchange link
info=] from |innerLink|.
1. For each |innerLink| of |innerLinks|:
1. If |innerLink|'s [=Relation Type=] is not 'preload', then continue.
1. Let |linkTarget| be |innerLink|'s [=Link Target=].
1. Let |asAttribute| be |innerLink|'s [=Target Attribute named=] `"as"`.
1. If |asAttribute| is not a [=potential destination=], continue.
1. If |asAttribute| is `"image"`, then:
1. Let |imagesrcset| be |innerLink|'s [=Target Attribute named=]
`"imagesrcset"`.
1. Let |imagesizes| be |innerLink|'s [=Target Attribute named=]
`"imagesizes"`.
1. Create a <{link}> element |linkElement| whose <{link/href}> attribute
is |linkTarget|, and <{link/imagesrcset}> attribute is
|imagesrcset|, and <{link/imagesizes}> attribute is |imagesizes|.
1. Let |selected source| and <var ignore=''>selected pixel density</var>
be the URL and pixel density that results from [=selecting an image
source=] given |linkElement|, respectively.
1. If |selected source| is not null, then set |linkTarget| to the result
of [=URL parser|parsing=] |selected source|, with a base URL of
|response|'s [=response/URL=].
1. For each |allowedSxgLink| of |allowedSxgLinks|:
1. If |allowedSxgLink|'s [=allowed signed exchange link info/target=]
isn't the same as |linkTarget|, then continue.
1. Let |storedExchange| be the result of creating an [=exchange=] with
|linkTarget| and a new [=response=].
1. If |allowedSxgLink|'s [=allowed signed exchange link info/variants=]
is not null, [=header list/set=] `` `Variants` ``/|allowedSxgLink|'s
[=allowed signed exchange link info/variants=] in |storedExchange|'s
[=exchange/response=]'s [=response/header list=].
1. If |allowedSxgLink|'s [=allowed signed exchange link info/variant
key=] is not null, [=header list/set=] `` `Variant-Key`
``/|allowedSxgLink|'s [=allowed signed exchange link info/variant
key=] in |storedExchange|'s [=exchange/response=]'s
[=response/header list=].
1. Let |requestForMatch| be the result of [=creating a potential-CORS
request=] given a url of |linkTarget|, a destination of the result
of [=destination/translating=] |asAttribute|, and a
corsAttributeState of [=Anonymous=].
1. If |requestForMatch| [=doesn't match the stored exchange=]
|storedExchange|, then continue.
1. Let |alternateSxgUrl| be the [=alternate signed exchange link
info/target=] of the first [=alternate signed exchange link info=]
of |alternateLinks| whose
* [=alternate signed exchange link info/variants=] is
[=string/identical to=] |allowedSxgLink|'s [=allowed signed
exchange link info/variants=],
* [=alternate signed exchange link info/variant key=] is
[=string/identical to=] |allowedSxgLink|'s [=allowed signed
exchange link info/variant key=], and
* [=alternate signed exchange link info/context=] [=url/equals=]
|linkTarget|
or continue if no such link is present.
1. Let |sxgRequest| be the result of [=creating a potential-CORS
request=] given a url of |alternateSxgUrl|, a destination of the
result of [=destination/translating=] |asAttribute|, and a
corsAttributeState of [=Anonymous=].
1. Run the following steps [=in parallel=]:
1. Let |sxgResponse| be the result of [=fetching=] |sxgRequest|.
1. If |sxgResponse|'s [=response/came from a signed exchange=] is
true, and |sxgResponse|'s [=response/URL=] is the same as
|linkTarget|, then [=queue a task=] on the [=networking task source=] to:
1. Let |sxgExchange| be a new [=exchange=] with a
[=exchange/request URL=] of |linkTarget| and a
[=exchange/response=] of |sxgResponse|.
1. [=set/Append=] |sxgExchange| to |el|'s [=Node/node
document=]'s [=Document/prefetched subresource signed
exchanges=].
<h3 algorithm id="mp-process-a-navigate-fetch">Monkeypatch process a navigate fetch</h3>
In [process a navigate fetch](https://html.spec.whatwg.org/multipage/browsing-the-web.html#process-a-navigate-fetch)
before
> 4. Let <var ignore>reservedEnvironment</var> be null.
add the following steps:
4. If |sourceBrowsingContext|'s [=active document=]'s [=Document/prefetched
signed exchanges for navigation=] [=map/contains=] an entry for a key of
|request|'s [=request/url=], then:
1. Let |prefetchedExchange| be |sourceBrowsingContext|'s [=active
document=]'s [=Document/prefetched signed exchanges for
navigation=][|request|'s [=request/url=]].
1. Set |request|'s [=request/stashed exchange=] to the result of creating a
new [=exchange=] with |prefetchedExchange|'s [=exchange/request URL=]
and the result of [=response/cloning=] |prefetchedExchange|'s
[=exchange/response=].
And in
> 16. Let <var ignore>navigationParams</var> be a new [=navigation params=]
> whose ...
add:
16. ... [=navigation params/prefetched subresource signed exchanges=] is
|sourceBrowsingContext|'s [=active document=]'s [=Document/prefetched
subresource signed exchanges=], ...
Note: As browsers move toward partitioned HTTP caches, the source document's
cache will likely be separate from the target's cache, so we can't just pass
prefetched content through the cache.
<h3 algorithm id="mp-page-load-processing-model-for-html-fiiles">
Monkeypatch Page load processing model for HTML files</h3>
Note: To use the [=navigation params/prefetched subresource signed exchanges=]
after the navigation, this section monkeypatches [=Page load processing model
for HTML files=]. This gets all the <{link/rel/allowed-alt-sxg}> links from the
inner response that are also preloaded and uses the [=navigation
params/prefetched subresource signed exchanges=] if all of those links were
prefetched.
Issue(whatwg/html#4224): Currently the processing model of the HTTP <a
http-header>Link</a> header is not defined in the HTML spec. This section
monkeypatches only for <a http-header>Link</a> rel=preload HTTP headers. When we
will change the HTML spec to generally support <a http-header>Link</a> HTTP
headers, this section must be made to align with the change.
In [=Page load processing model for HTML files=] before
> 2. Create an HTML parser and ...
add the following steps:
2. Run the following steps [=in parallel=]:
1. Wait until |document|'s [=viewport=] is known.
Note: When the |document|'s [=viewport=] is known is not normatively
defined in the HTML spec. Need to define the behavior of
the preload scanner to define this.
1. Let |linkHeader| be the result of [=header list/getting=] `` `Link`
`` from |navigationParams|'s [=navigation params/response=]'s
[=response/header list=].
1. If |linkHeader| is null, then return.
1. Let |links| be the result of [=Parsing a Link Field Value=] from
|linkHeader|.
1. Let |allowedSxgLinks| be the result of [=getting allowed signed
exchange link info=] from |links|.
1. Let |preloadLinkItems| be an empty [=list=].
1. Let |canLoadAlternateSxg| be true.
1. For each |link| of |links|:
1. If |link|'s [=Relation Type=] is not 'preload', then continue.
1. Let |linkTarget| be |link|'s [=Link Target=].
1. Let |asAttribute| be |link|'s [=Target Attribute named=] `"as"`.
1. If |asAttribute| is not a [=potential destination=], continue.
1. If |asAttribute| is `"image"`, then:
1. Let |imagesrcset| be |link|'s [=Target Attribute named=]
`"imagesrcset"`.
1. Let |imagesizes| be |link|'s [=Target Attribute named=]
`"imagesizes"`.
1. Create a <{link}> element |linkElement| whose <{link/href}>
attribute is |linkTarget|, and <{link/imagesrcset}>
attribute is |imagesrcset|, and <{link/imagesizes}>
attribute is |imagesizes|.
1. Let |selected source| and <var ignore=''>selected pixel
density</var> be the URL and pixel density that results from
[=selecting an image source=] given |linkElement|,
respectively.
1. If |selected source| is not null, then set |linkTarget| to
the result of [=URL parser|parsing=] |selected source|, with
a base URL of |navigationParams|'s [=navigation
params/response=]'s [=response/URL=].
1. Let |headerIntegrity| be null.
1. For each |allowedSxgLink| of |allowedSxgLinks|:
1. Let |storedExchange| be the result of creating an
[=exchange=] with the URL of |allowedSxgLink|'s [=allowed
signed exchange link info/target=] and a new [=response=].
1. If |allowedSxgLink|'s [=allowed signed exchange link
info/variants=] is null, [=header list/set=] `` `Variants`
``/|allowedSxgLink|'s [=allowed signed exchange link
info/variants=] in |storedExchange|'s
[=exchange/response=]'s [=response/header list=].
1. If |allowedSxgLink|'s [=allowed signed exchange link
info/variant key=] is not null, [=header list/set=] ``
`Variant-Key` ``/|allowedSxgLink|'s [=allowed signed
exchange link info/variant key=] in |storedExchange|'s
[=exchange/response=]'s [=response/header list=].
1. Let |requestForMatch| be the result of [=creating a
potential-CORS request=] given a url of |allowedSxgLink|'s
[=allowed signed exchange link info/target=], a destination of
the result of [=destination/translating=] |asAttribute|, and a
corsAttributeState of [=Anonymous=].
1. If |requestForMatch| [=matches the stored exchange=]
|storedExchange|, then:
1. Set |headerIntegrity| to |allowedSxgLink|'s [=allowed signed
exchange link info/header integrity=].
1. Break out of the |allowedSxgLinks| loop.
1. Let |prefetched alternate exchange| be null.
1. For each |sxg| of |navigationParams|'s [=navigation
params/prefetched subresource signed exchanges=]:
1. If |headerIntegrity| is the same as the value of |sxg|'s
[=exchange/response=]'s [=response/header integrity value=]
encoded as a [[CSP]] <a grammar>hash-source</a>, then set
|prefetched alternate exchange| to |sxg|.
1. If |headerIntegrity| is not null and |prefetched alternate
exchange| is null, then set |canLoadAlternateSxg| to false.
Note: This means that there is a matching
<{link/rel/allowed-alt-sxg}> link for the <{link/rel/preload}>
|link|, but the matching signed exchange has not been
prefetched. In this case the UA can't use the prefetched
subresource signed exchanges for other <{link/rel/preload}>
links. This is intended to prevent the referrer page from
encoding a tracking ID into the set of subresources it
prefetches.
1. [=list/Append=] the [=alternate signed exchange preload info=]
(|link|, |linkTarget|, |prefetched alternate exchange|) to
|preloadLinkItems|.
1. For each |preloadLinkItem| of |preloadLinkItems|:
1. Let |asAttribute| be |preloadLinkItem|'s [=alternate signed exchange
preload info/link=]'s [=Target Attribute named=] `"as"`.
1. Assert: |asAttribute| is a [=potential destination=].
1. Let |corsAttributeState| be the state of a synthetic [=CORS settings
attribute=] with a value of |preloadLinkItem|'s [=alternate signed
exchange preload info/link=]'s [=Target Attribute named=]
`"crossorigin"`.
1. Let |request| be the result of [=creating a potential-CORS request=]
given a url of |preloadLinkItem|'s [=alternate signed exchange
preload info/target=], a destination of the result of
[=destination/translating=] |asAttribute|, and a corsAttributeState
of |corsAttributeState|.
1. Set |request|'s [=request/client=] to |document|.
1. Set |request|'s [=request/cryptographic nonce metadata=] to
|preloadLinkItem|'s [=alternate signed exchange preload
info/link=]'s [=Target Attribute named=] `"nonce"`.
1. Set |request|'s [=request/integrity metadata=] to
|preloadLinkItem|'s [=alternate signed exchange preload
info/link=]'s [=Target Attribute named=] `"integrity"`.
1. Set |request|'s [=request/referrer policy=] to be the [=referrer
policy attribute=] of |preloadLinkItem|'s [=alternate signed
exchange preload info/link=]'s [=Target Attribute named=]
`"referrerpolicy"`.
1. If |canLoadAlternateSxg| is true, then set |request|'s
[=request/stashed exchange=] to |preloadLinkItem|'s [=alternate
signed exchange preload info/prefetched alternate exchange=].
Note: When |canLoadAlternateSxg| if false or there is no
matching prefetched alternate exchange, the original resource
declared in the <{link/rel/preload}> <a http-header>Link</a>
header |link| will be fetched.
1. [=Fetch=] |request| [=in parallel=].
# Structures # {#structs}
<h3 dfn-type=dfn export>Exchange</h3>
An exchange is a [=struct=] with the following items:
<ul dfn-for="exchange">
* <dfn export>request URL</dfn>, a [=URL=].
* <dfn export>response</dfn>, a [=response=].
</ul>
<h3 dfn-type=dfn>Read buffer</h3>
A read buffer is a [=struct=] with the following items:
<ul dfn-for="read buffer">
* <dfn>stream</dfn>: A {{ReadableStream}}.
* <dfn>reader</dfn>: A {{ReadableStreamDefaultReader}} whose stream is [=read
buffer/stream=].
* <dfn>bytes</dfn>: A [=byte sequence=] holding the bytes that have been read
from [=read buffer/stream=] but not returned to a calling algorithm yet.
</ul>
<h3 dfn-type=dfn>Augmented Certificate</h3>
An augmented certificate is a [=tuple=] with the following items:
<ol dfn-for="augmented certificate">
1. <dfn>certificate</dfn>, a [=byte sequence=] that's expected to hold a
DER-encoded X.509v3 certificate ([[RFC5280]]).
1. <dfn>OCSP response</dfn>, a [=byte sequence=] that's expected to hold a
DER-encoded [=OCSPResponse=] for the [=augmented certificate/certificate=].
1. <dfn>SCT</dfn>, a [=byte sequence=] that's expected to hold a
[=SignedCertificateTimestampList=] for the [=augmented
certificate/certificate=] <span class="note">(note, not a v2
[=TransItemList=])</span>.
</ol>
These fields are [=byte sequences=] instead of parsed and validated structures
because we expect some UAs to pass them to other systems for validation, and
some of those systems expect plain byte sequences.
A [=augmented certificate/certificate=] contains a <dfn for="certificate">public
key</dfn> ([=Subject Public Key Info=]), which has an <dfn for="public
key">algorithm</dfn> ([=AlgorithmIdentifier=]).
A [=augmented certificate/certificate=] contains an <dfn
for="certificate">extensions</dfn> map ([=Certificate Extensions=]) from OIDs to
[=byte sequences=].
A <dfn>certificate chain</dfn> is a [=list=] of [=augmented certificates=], of
which the first [=list/item=] is the <dfn for="certificate chain">leaf</dfn>.
<h3 dfn-type=dfn export>Signed Exchange report</h3>
A signed exchange report is a [=struct=] with the following items:
<dl dfn-for="signed exchange report">
: <dfn>result</dfn>
:: The result string of loading signed exchange. This must be unset or one of
"<dfn>`ok`</dfn>", "<dfn>`mi_error`</dfn>",
"<dfn>`non_secure_distributor`</dfn>", "<dfn>`parse_error`</dfn>",
"<dfn>`invalid_integrity_header`</dfn>",
"<dfn>`signature_verification_error`</dfn>",
"<dfn>`cert_verification_error`</dfn>", "<dfn>`cert_fetch_error`</dfn>",
"<dfn>`cert_parse_error`</dfn>",
: <dfn>outer request</dfn>
:: The [=request=] which the user agent sent to the server to load the signed exchange.
: <dfn>outer response</dfn>
:: The [=response=] which the user agent received from the server.
: <dfn>inner URL</dfn>
:: The logical [=URL=] of the signed exchange, if available. Otherwise, an empty
string.
: <dfn>cert URL list</dfn>
:: The list of [=URLs=] in "`cert-url`" parameters for the signed exchange's
signatures, if available. Otherwise, an empty list.
: <dfn>server IP</dfn>
:: The IP address of the server from which the user agent received the signed
exchange, if available. Otherwise, an empty string.
: <dfn>cert server IP list</dfn>
:: The list of IP addresses of the servers from which the user agent received
the certificates listed in [=signed exchange report/cert URL list=].
</dl>
<h3 dfn-type=dfn export>Exchange Signature</h3>
An exchange signature is a [=struct=] with the following items:
<dl dfn-for="exchange signature">
: <dfn>signature</dfn>
:: A [=byte sequence=] holding a signature of the exchange.
: <dfn>certificate chain</dfn>
:: A [=certificate chain=] whose [=certificate chain/leaf=]'s
[=certificate/public key=] can verify the [=exchange signature/signature=]
and from which the UA will try to build a path from the [=certificate
chain/leaf=] to a trusted root.
: <dfn>certSha256</dfn>
:: A [=byte sequence=] holding the [=SHA-256=] hash that verified the [=exchange
signature/certificate chain=]'s [=certificate chain/leaf=].
: <dfn>integrity header</dfn>
:: A [=list=] of [=ASCII strings=] that describes the response header and any of
its parameters that guard the integrity of the response payload.
: <dfn>validityUrl</dfn>
:: A [=URL=] describing where to update this signature.
: <dfn>validityUrlBytes</dfn>
:: The bytes that [=exchange signature/validityUrl=] was parsed from.
: <dfn>date</dfn>
:: The POSIX time at which the signature starts being valid.
: <dfn>expiration time</dfn>
:: The POSIX time at which the signature stops being valid.
</dl>
<h3 dfn-type=dfn export>Allowed signed exchange link info</h3>
An allowed signed exchange link info is a [=struct=] with the following items,
holding a parsed <{link/rel/allowed-alt-sxg}> link:
<dl dfn-for="allowed signed exchange link info">
: <dfn>target</dfn>
:: A [=URL=] holding the value of the link's [=Link Target=].
: <dfn>header integrity</dfn>
:: A [=string=] holding the value of the link's [=Target Attribute=] named
`"header-integrity"`.
: <dfn>variants</dfn>
:: A [=string=] holding the value of the link's [=Target Attribute=] named
`"variants"`, or null.
: <dfn>variant key</dfn>
:: A [=string=] holding the value of the link's [=Target Attribute=] named
`"variant key"`, or null.
</dl>
<h3 dfn-type=dfn export>Alternate signed exchange link info</h3>
An alternate signed exchange link info is a [=struct=] with the following items,
holding a parsed <{link/rel/alternate}> link:
<dl dfn-for="alternate signed exchange link info">
: <dfn>target</dfn>
:: A [=URL=] holding the value of the link's [=Link Target=].
: <dfn>context</dfn>
:: A [=URL=] holding the value of the link's [=Link Context=].
: <dfn>variants</dfn>
:: A [=string=] holding the value of the link's [=Target Attribute=] named
`"variants"`, or null.
: <dfn>variant key</dfn>
:: A [=string=] holding the value of the link's [=Target Attribute=] named
`"variant key"`, or null.
</dl>
<h3 dfn-type=dfn export>Alternate signed exchange preload info</h3>
An alternate signed exchange preload info is a [=struct=] with the following items:
<dl dfn-for="alternate signed exchange preload info">
: <dfn>link</dfn>
:: A link object [=Parsing a Link Field Value|parsed=] from a HTTP <a
http-header>Link</a> header.
: <dfn>target</dfn>
:: A URL to be preloaded. <span class="note">This can be different from
[=alternate signed exchange preload info/link=]'s [=Link Target=], when
`"imagesrcset"` is used for image preload.</span>
: <dfn>prefetched alternate exchange</dfn>
:: The [=exchange=] of the prefetched [=alternate signed exchange=], or null.
</dl>
# Algorithms # {#algorithms}
<h3 algorithm id="identifying-sxg">Identifying signed exchanges</h3>
The <dfn>signed exchange version</dfn> of a [=response=] |response| is the