application/importmap+json MIME Type Registration
draft-bedford-app-importmap-media-reg-00

Document Type Active Internet-Draft (individual in art area)
Last updated 2019-11-18 (latest revision 2019-11-17)
Stream IETF
Intended RFC status Informational
Formats plain text xml pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state Publication Requested
Consensus Boilerplate Yes
Telechat date
Responsible AD Alexey Melnikov
Send notices to (None)
Network Working Group                                    G. Bedford, Ed.
Internet-Draft                                 Verve Interactive Pty Ltd
Intended status: Informational                         November 17, 2019
Expires: May 20, 2020

           application/importmap+json MIME Type Registration
                draft-bedford-app-importmap-media-reg-00

Abstract

   Media type registration for JSON import map definitions that control
   the behavior of JavaScript imports.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 20, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Bedford                   Expires May 20, 2020                  [Page 1]
Internet-Draft    application/importmap+json Media Type    November 2019

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Example . . . . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
     4.1.  The application/importmap+json Media Type . . . . . . . .   3
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
   6.  Normative References  . . . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   This memo defines a media type Section 4.1 for application/
   importmap+json.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Example

   An example application.importmap, following the import maps
   specification (https://wicg.github.io/import-maps/) can be written:

             {
               "imports": {
                 "pkg": "/lib/pkg/main.js"
               }
             }

   This would support the following workflow in browsers:

          <script type="importmap" src="/application.importmap"></script>
          <script type="module">
            // loads /lib/pkg/main.js
            import pkg from 'pkg';
          </script>

Bedford                   Expires May 20, 2020                  [Page 2]
Internet-Draft    application/importmap+json Media Type    November 2019

3.  Security Considerations

   The following security considerations apply when using application/
   importmap+json: Control of the import map should be considered to be
   a form of execution-level application control.  This is because
   import maps have the ability to direct which module resolutions are
   to be provided for all module import specifiers in a given JavaScript
   environment, including for example the ability to map arbitrary
   import specifiers into data: URLs.  Integration with existing policy
   systems, such as CORS and CSP, can be used to mitigate and restrict
   unwanted target URLs from being executed.  The import maps
   specification states that only those import maps served to browsers
   with the `application/importmap+json` MIME type will be executed
   allowing for server-level control of import map deployment to
   mitigate unintended usage in browsers.

4.  IANA Considerations

   This document defines a single action for IANA:

4.1.  The application/importmap+json Media Type

   The application/importmap+json Media Type is defined as follows:

   Type name:          application

   Subtype name:       importmap+json
Show full document text