Describe how pieces of an application can be user agents. #21
Conversation
An application might not act as a UA when browsing 1p content, as long as the distinction is clear to users. A library might or might not implement the UA duties, depending on the purpose it's meant to serve in applications that embed it.
index.bs
Outdated
| If the user of an application | ||
| can distinguish the user agent inside that application | ||
| from other parts of the application | ||
| that act on the application's author's behalf | ||
| ("first-party" parts of the application), | ||
| then only the [=user agent=] parts, | ||
| which browse "third-party" content, | ||
| need to follow the [=user agent duties=]. |
There was a problem hiding this comment.
I find the if clause a bit wordy.
I think the premise that the users can detect the boundaries is questionable, or at least arguably rarely true in practice (irrespective to, e.g., the address bar showing).
We can say that some content is clearly 1p or 3p but applications mix both in ways users cannot distinguish. So, I'm not sure about the premise that the users can detect UA boundaries.
Simple example I can think of is whether the address bar is visible. As I understand it, the embedding application decides on what UI to expose, so the address bar can be hidden for WebViews. With Custom Tabs, address bar is visible/mandatory.
There was a problem hiding this comment.
I agree it's usually very hard for a user to detect whether it's 1p or 3p or even web content at all. If I'm using an app built with Capacitor, Cordova or Tauri it's very likely I might not notice that I'm using what I should consider a user agent because it looks like a native app and not the web.
Embedding first party content using web components definitely deserves a distinction I'd argue, because applying all UA duties hurts compatibility and causes issues that are hard to understand. On the other hand developers embedding web content might not be aware of the responsibilities they bear because they think it's the responsibility of the WebView to make sure the user agent duties are fulfilled.
For example you can use APIs like WebViewAssetLoader or WKURLSchemeHandler to load content bundled with the application into the WebView. Because the content is shipped with the embedding application I would consider it first party content but third party restrictions like CORS or third party cookie blocking are applied today because the WebView is considered a user agent in every scenario.
My understanding on this might be too naive but I would love to both things covered somehow here:
- If an app embeds third party web content it becomes a user agent for that content and needs to make sure it follows the duties
- A software component doesn't need to follow the user agent duties for content that's clearly first party.
There was a problem hiding this comment.
Looking at the way a couple apps show 3p content, I think it's clear enough that it's separate from the main app:
This is largely because they choose to show the address bar, but I don't know that the address bar is either necessary or sufficient, so I'd like to keep the more general idea that it's about whether the user can distinguish.
However, I'll look at how to clarify the 'if' clause.
index.bs
Outdated
| Applications with embedded user agents should | ||
| give their users clear expectations about | ||
| what behavior they should expect from different parts of the app. |
There was a problem hiding this comment.
I htink this aligns well with honesty duty.
| If the distinction between third-party and first-party content is too small, | ||
| the application should also follow the [=user agent duties=] | ||
| for its first-party content. |
There was a problem hiding this comment.
"too small" leaves room for subjective interpretation / inconsistent implementations. We should clarify criteria or give examples, e.g., availability or visibility of the address bar, permission prompts, TLS indicator / padlock, Origin display, other visual separation (like marking embedded iframes / ads differently).
There was a problem hiding this comment.
I think it's fine to leave this subjective, and merely set the ground for future discussion. The duties are subjective too. I've added an address bar example.
| Similarly a library that implements the web platform | ||
| may or may not be a full [=user agent=]. | ||
| Some, like [`SFSafariViewController`](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) | ||
| and [Android Custom Tabs](https://developer.chrome.com/docs/android/custom-tabs) | ||
| take the responsibility of implementing the [=user agent duties=] | ||
| and of making a clear distinction between the third-party content they browse | ||
| and the first-party content controlled by the embedded application. | ||
| These libraries are [=user agents=]. |
There was a problem hiding this comment.
Do thes platform-specific example libraries fully comply with UA duties in all contexts? Are there test results showing that they make a distinction between 1p and 3p content? They may also be subject to change in the future. It may be better to generalise the characteristics rather than naming specific ones. As I understand it, they show the address bar but that may just be one example and I don't doubt that there is are others ones that can signal to the user to help make the distinction between 1p and 3p.
There was a problem hiding this comment.
I believe they do, at least as far as the underlying browsers do, and that their developers will consider it a bug if an application can cause these libraries to behave "worse" than the underlying browsers. On the other hand, the WebView libraries don't make any such effort.
These libraries treat everything inside them as 3p content, even if you happen to browse back to the embedding app's site, and that's totally acceptable behavior w.r.t. the duties.
If these libraries change to stop following the UA duties, or to let applications override their defaults, that'll be a bad change for any application relying on them, and I hope that including them here will help us push against such a change. I could say "as of 2025" to hedge a bit, but if that change does happen, we will want to update this document.
| Because some of these applications only include first-party content, | ||
| WebView libraries aren't meant to be [=user agents=] on their own, | ||
| and they don't implement the [=user agent duties=]. |
There was a problem hiding this comment.
I don't disagree and I get the point this is trying to make but saying that WebViews aren't meant to be UAs shifts the burden of responsibility without specifying safeguards.
There was a problem hiding this comment.
I don't disagree, too. For WebViews it's really complicated. On on hand they aren't user agents because the embedding app has a lot of control over it and they are often used to only load first party content. Developers implementing might not even know about the responsibilities. On the other hand WebViews apply a lot over user agent duties today that don't necessarily make sense since the app can work around them using WebView APIs.
There was a problem hiding this comment.
@csarven I'm trying to improve safety by having this document inform the WebView embedders that if they let the WebView navigate to content they didn't provide, they suddenly have a bunch more responsibilities. Until this, I don't think any document exists to warn them about that.
|
|
||
| Ultimately, an embedding application is responsible for ensuring | ||
| that it follows the [=user agent duties=] if it or part of it is a [=user agent=]. | ||
| This can be nearly trivial if it only browses third-party content using a [=user agent=] library. |
There was a problem hiding this comment.
This phrasing may mislead devs into underestimating potential risk.
There was a problem hiding this comment.
What risks are you worried they'll miss because of this? I think it's right to say that if a developer uses Android Custom Tabs or SFSafariViewController for opening links, they don't need to do anything more to deal with the Duties, but I could mention a particular thing if you know of it.
index.bs
Outdated
| Developers need to take more care | ||
| when implementing an in-app browser using a non-[=user agent=] WebView. |
There was a problem hiding this comment.
Perhaps this (emphasizes that responsibility lies with the app, not the WebView itself):
| Developers need to take more care | |
| when implementing an in-app browser using a non-[=user agent=] WebView. | |
| Developers need to take extra care | |
| to ensure their app enforces UA duties | |
| when using a non-[=user agent=] WebView. |
There was a problem hiding this comment.
It's only when they use the WebView to browse outside their own content, and the app "follows" rather than "enforces" the duties, but I've taken the rest in f283e29.
… of itself as a UA.
| As software entities, user agents can be parts of larger applications, | ||
| and they can call libraries that implement the web platform or parts of it. | ||
|
|
||
| If an overall application makes a clear distinction |
There was a problem hiding this comment.
I agree with @NiklasMerz that whether 3p contents are hosted makes a much bigger difference than whether the users can distinguish 1p vs. 3p parts. We shouldn't assume users can understand the difference between the browser chrome and the web content.
As a counterexample to the proposed text, consider PWA, which hides the browser chrome and everything displayed to the user is 3p. But user might consider that content 1p as they may not understand that a PWA is running inside a UA.
There was a problem hiding this comment.
In a PWA (e.g. example.com), the user agent (e.g. Chrome) is showing 3p content, and has to obey the duties. Example.com is showing 1p data and doesn't have to obey the duties.
…sing WebViews to browse 3p content.
An application might not act as a UA when browsing 1p content, as long
as the distinction is clear to users.
A library might or might not implement the UA duties, depending on
the purpose it's meant to serve in applications that embed it.
This fixes #7 and fixes #12.
Preview | Diff