Origin Trial is not cross UA compatible #23
Comments
|
Why wouldn't other UAs be able to use the Origin-Trial header/http-equiv? Our implementation just ignores any tokens that aren't signed by our keys/that aren't in our format. It's always been our intention to allow other UAs to do the same thing with the same headers. Of course origin trials themselves will never be cross UA compatible. By their very nature they're experimental APIs. But there is no reason a website can't embed tokens for multiple UAs for similar trials. |
Because the Origin-Trial header is specified as:
And not:
I.e. it's not a list. |
|
That's a bug in the (lack of) spec. I started trying to more formally specify the actual format of any of this, but that work seems to have mostly gotten lost (http://jpchase.github.io/OriginTrials/#header). The intention (and the implementation) is and has always been that the Origin-Trial header is can contain as many comma-separated tokens as you want (and you can equally have as many Origin-Trial headers as you'd like). |
|
The spec is fine, I think -- the term 'email' doesn't appear in it at all, and the header seems to be defined reasonably there. I think the issue here is in developer-guide.md, which we should probably either tag as a Chromium-specific workflow guide, or actually move out of this repo and into Chromium docs. available-trials.md and ship-as-trial.md probably have the same issue. They're more notes about how we're implementing this in Blink, and less about the origin trial spec itself. |
If other UAs should decide to use origin trial, they have a problem, because they cannot use the Origin-Trial header/http-equiv, since that is already taken by Google.
I'd suggest changing the OT semantic to allow issuance of many tokens on the Origin-Trial header so that other UAs can join that semantic.
The text was updated successfully, but these errors were encountered: