Create F2F agenda - 20 September 2016

[jakearchibald]

Where: TPAC Auditorium III, first floor
When: 9am

Draft agenda:

• V1
  • Decided but depend on other issues (Check the status and close SW ones if possible)
    • ExtendableMessageEvent.source cannot be SameObject
    • Drop isReload
  • Not resolved
    • should FetchEvent.request.cache reflect non-fetch browser cache controls?
    • Inconsistencies due to when clients are created (a.k.a reserved client issue)
    • spec exactly how to order non-window Client objects - comments from Brady?
    • consider fetching service worker scripts with no-cache by default - expect API & design discussion
  • Path to CR
    • Publishing plan - Ade's proposal & question on whether we can skip FPWD for the successive versions on the same trunk
      • Resolution: go with Ade's proposal and set TR/service-workers to the latest work
    • Split the cache API into its own spec
  • Platform in general - Can be timeboxed but we may have relevant folks here!
    • Receivers of ranged responses must ensure all ranges come from the same underlying resource
    • spec behavior when ServiceWorkerContainer parent client is dead
  • Sitting-next-to-@annevk-and-discuss-how-to-spec-issues - Will do hallway discussion
    • html no longer defines "referrer source"
    • Does accessing ExtendableEvent's extend lifetime promises race?
• Multiple instances - wait for Brady
• Ignore case for cache querying - I'd like to know more about the reasons for this
• Preload request - I believe we all agree on the feature, but let's reach agreement on the API
• self.clients on windows
• Should EventSource and WebSocket be exposed in service workers? - I'd like to review our stance on blocking APIs in the SW
• Foreign fetch - it's been a while since we reviewed this
• Background fetching/caching - new feature that Chrome's pretty keen on
  • We'll probably discuss in-progress fetches as part of that
• HEIST - ping Brad & Mike
• "modal" window for payments/credentials

[jakearchibald]

We get one day this time, so it'd be nice to limit v1 stuff to the essentials, and leave the nitty gritty to hallway tracks. @jungkees, any particular issues you want to look at?

I think it's been awhile since we reviewed foreign fetch, so I'd like to do that. @mkruisselbrink, are you happy with that?

Also we'll have special guest star @annevk joining us, so it feels like we should take the opportunity to tackle fetch stuff.

[LJWatson]

Thanks @jakearchibald

If you could post the agenda to the Service Workers meeting when you've figured it out, that'd be lovely. Thanks.

[mkruisselbrink]

I think it's been awhile since we reviewed foreign fetch, so I'd like to do that. @mkruisselbrink, are you happy with that?

Feel free to review foreign fetch, but I'm unfortunately not going to be at TPAC.

[jakearchibald]

HEIST chat:

• Could cross origin resources count against the other origin's quota?
  • But what about persistent storage?
  • What about clearing out the origin?
  • What about "bombing" another origin's storage usage?
    • Could assign "blame" for individual requests
  • Does padding already solve this?
• Advert iframes want to display credentialed content, but the load event is potentially a privacy leak through timing

Resolution:

• Investigate Mike's suggestion above
• Continue with the bucketing solution with storage - if it works out propose it for the spec
• HEIST continues to be a problem - should it be mitigated at on an API per API level, or opt-in via same-site cookies