Hello.

I am Paul Kinlan.

A Developer Advocate for Chrome and the Open Web at Google.

I love the web. The web should allow anyone to access any experience that they need without the need for native install or content walled garden.

The local-only web

Paul Kinlan

In this post, I explore the potential of the File System Access API to create local-only web experiences. I discuss how this API, combined with tools like Logseq, allows for on-device data storage outside the browser sandbox. While exciting, I also acknowledge the current limitations, such as the need to re-grant file access on refresh, the lack of a visual indicator for local-only sites, and the difficulty of preventing data exfiltration entirely. Despite these challenges, I believe this area holds significant potential and deserves further exploration.

Read More

Feature Policy & the Well-Lit Path for Web Development (Chrome Dev Summit 2018)

Paul Kinlan

Feature Policy is a powerful web platform tool that allows developers to control the behavior of APIs and features, similar to CSP. It helps manage third-party content by enabling or disabling functionalities like autoplay, geolocation, and sensor access within iframes, giving embedders more control over their page experience. Additionally, Feature Policy assists in maintaining performance budgets during development by flagging potential violations, such as excessive image downscaling, as demonstrated with the 'max-downscaling-image' policy used during Chrome Dev Summit. Developers can explore more about Feature Policy, code samples, and demos at featurepolicy.rocks, submit feedback at https://bit.ly/2B3gDEU, and learn about the Reporting API at https://bit.ly/rep-api. For the latest Chrome implementations, visit Chrome Status.

Read More

Using CSP Nonces effectively with service worker

Paul Kinlan

CSP nonce values can help you securely run inline content on you site. But it can be hard to get it working with Service Workers... until now.

Read More

Imperative Content Security Policy with Service Worker

Paul Kinlan

Some quick thoughts about not using CSP when you have a Service Worker.

Read More

Detecting injected content from third-parties on your site

Paul Kinlan

Do you know if any ISP's are injecting Ads or anything else in to your site? No. I thought not.

Read More