Define "user-initiated navigation" (e.g. location-bar navigation) more concretely

[domenic]

It would be good to provide a more solid spec foundation for https://w3c.github.io/webappsec-fetch-metadata/#directly-user-initiated; perhaps most of that section should move into HTML, replacing the current vague phrase

A user agent may provide various ways for the user to explicitly cause a browsing context to navigate, in addition to those defined in this specification.

Besides Sec-Fetch-Site, this also causes browsing context swaps---at least in Chromium---and getting that specified and tested would be good. (See #5350.)

[jakearchibald]

This is important, since (at least) Chrome will not allow document-initiated navigations to abort browser-UI-triggered navigations.

[domenic]

#2414 is related

[domenic]

I might solve this at least partially in WICG/navigation-api#63, although fully closing it would involve updating the Sec-Fetch-Site spec.

[annevk]

I guess it would impact how Sec-Fetch-Site is defined? I suspect the primitive here is request's client being null, which has a number of issues in Fetch...

[domenic]

Sorry, yes, both the OP and my response say "Sec-Fetch-Dest" but the header in question is actually "Set-Fetch-Site". (I've edited both now.) Per https://w3c.github.io/webappsec-fetch-metadata/#directly-user-initiated it's currently defined in terms of HTML's

A user agent may provide various ways for the user to explicitly cause a browsing context to navigate, in addition to those defined in this specification.

which is also something app history wants to hook into.

The connection to null clients is quite interesting; it'd be good to straighten that out indeed... I'll give it a look.