Mike West

Results: 237 comments by Mike West

> I don't think even a large set of static states accomplishes that - "You're logged in to Shop Pay" doesn't really prove much to the user. Presumably the static...

I agree with @davidben. From Fetch's perspective, the only schemes that matter are `http` and `https`. `ws` and `wss` are folded into those, and other schemes either don't have cookies...

This is a good suggestion; an authenticated TLS connection is a good way to have a baseline guarantee that you're actually publishing the document an author intended you to publish.

Chromium implements both kinds of downloads as `navigate`. It seems reasonable to me for us to bake that into the spec, especially given the behavior @annevk notes above. If you'd...

Understood, and thanks for the feedback! With a security hat on, I'd prefer for the platform's defaults to assume the worst, and fail closed. It's worse, in my mind, for...

Sorry I missed @sleevi's ping earlier. I'm willing to believe that we're making the wrong tradeoff here, and I think there's some justification to considering the implicit correlation of socket...

I've pointed our privacy folks at that bug and thread, and asked them to comment. Thanks for following up on this, @annevk!

> Is the [InjectionMitigated] idea being used for any web platform APIs today?

Chromium has an implementation of the attribute that we're using for `getAllScreensMedia()` (see [`media_devices.idl`](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/mediastream/media_devices.idl;drc=3f8f9df137702ca101cd084fd1ccb86628276f3e;l=36)) to lock in...

> But IMHO PEPC is still unproven and currently [lacks any signals](https://chromestatus.com/feature/5125006551416832) from non-Chromium engines, so is not something we could take a dependency on yet.

We're talking to @marcoscaceres...

I agree with @annevk; you need something to mitigate the kinds of leakage that this feature would expose. `` was limited to same-origin for this reason. I'm sure we could...