Trust and Safety
See original GitHub issueSummarizing our latest meeting.
Initial Work For Trust and Safety
is-on-https
We want to align on the “mixed content” issues that will be landing in CDT soon. See this issue for more: https://github.com/GoogleChrome/lighthouse/issues/10615
COEP
One approach would be to fail if there is no COEP header. However, we are hesitant to do this because the benefits aren’t universally applicable.
The approach we’re going with is simply listing the frames that are blocked due to the embedder policy. This information will come from the backend, but it’s still a WIP.
Existing audits
In addition, we want to re-home these existing audits:
external-anchors-use-rel-noopener
redirects-http
geolocation-on-start
notification-on-start
vulnerabilities
https://github.com/GoogleChrome/lighthouse/pull/10623
Place in the report
We have two options:
- A new category
- Group in best-practices
If we did 1, there’s a question of how to present the score–badge vs score (and pass/fail vs numerical score). Due to that, we are leaning towards option 2.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:5 (2 by maintainers)
Top GitHub Comments
There’s an inconsistency here. I think what’s been unsaid is we don’t want to invest engineering work on a low-impact audit, which you’ve identified COEP issues in Lighthouse as. Which I agree with.
In order to do COEP stuff today we’d have to do some eng work (has not landed in the protocol yet), but once it is landed in the backend it’s straightforward to consume. At that point, we’d want to make an audit for COEP issues, right?
We have done this initial work, T&S will be an ongoing things (such as issue catch all, csp audit, etc…)