Contact emails
Spec
XHR Spec is https://xhr.spec.whatwg.org/
This intent is to implement and ship the spec change described in https://github.com/whatwg/xhr/pull/177
Summary
As a step towards eventual deprecation of Synchronous XMLHttpRequest outside of workers, we are making it a policy-controlled feature. This allows synchronous XHR to be disabled for any document by the developer, or for a document embedded in a frame by the embedding page. Disabling it will cause calls to send() to immediately fail with a network error. When disabled in any frame, that policy automatically applies to any content embedded within that frame as well.
Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
Demo link
http://xhr.featurepolicy.rocks/
Debuggability
When an XHR is disabled by feature policy, it will appear to the application that a network error has occurred. To help developers distinguish this from a legitimate network error, a message will be printed to the developer console.
Risks
Interoperability and Compatibility
This proposal adds an optional way to disable an existing feature. Existing websites will not be affected by the introduction of this feature, and synchronous XHR will continue to work as before. There are, however, at least two possible sources of interop and compat risk:
The first would be that developers believe that they have disabled synchronous XHR by policy, but it continues to work in browsers which have not implemented this feature.
The second risk is that sites which are completely unaware of this change are embedded via <iframe> elements inside of a page which disables synchronous XHR. In that case, any synchronous request initiated in those sites would stop working. This is at least partly mitigated by the fact that a network error condition is simulated, and any sites which rely on network requests should (in theory) be written to handle the case where those requests fail.
There is widespread support among browser vendors for doing *something* to restrict / discourage the use of synchronous XHR on the web, and discussions at TPAC concluded that this was a reasonable something to start with.
Web developers come down on both sides, and are often against removing synchronous XHR completely, which is why this mechanism is opt-in.
Edge, Firefox: See https://github.com/WICG/interventions/issues/62#issuecomment-343332995
Safari: No signals
Web developers: No signals
Ergonomics
Are there any other platform APIs this feature will frequently be used in tandem with?
This may be used with other feature policy features, and can easily be integrated into existing policies.
Could the default usage of this API make it hard for Chrome to maintain good performance (i.e. synchronous return, must run on a certain thread, guaranteed return timing)?
The default state of the feature is that synchronous XHR is enabled, which is not great for performance, but it's the current state of the web.
Activation
Will it be challenging for developers to take advantage of this feature immediately, as-is?
Using the feature is as simple as adding an HTTP header to the top-level page of a site, or adding a new attribute, allow="sync-xhr none", to an iframe.
Would this feature benefit from having polyfills, significant documentation and outreach, and/or libraries built on top of it to make it easier to use?
Unknown; documentation and outreach would probably be great, but likely as part of a larger 'modern web' initiative.
Is this feature fully tested by web-platform-tests? Link to test suite results from wpt.fyi.
Yes, the feature is tested at
https://wpt.fyi/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html
(moving soon to https://wpt.fyi/xhr/xmlhttprequest-sync-default-feature-policy.sub.html)
Entry on the feature dashboard
We haven't been making chromestatus entries for each feature being moved under feature policy, but happy to make a new one if appropriate.
We haven't been making chromestatus entries for each feature being moved under feature policy, but happy to make a new one if appropriate."
We do tend to do that for other features. For example: https://www.chromestatus.com/features/4973817285836800
I at least need a tracking bug so that DevRel can know when it ships.
Joe
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK_TSXL7-bwANF0hBi_oM25nv_-GKiYpYsffYC5OhhJGuASZmQ%40mail.gmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK_TSXL7-bwANF0hBi_oM25nv_-GKiYpYsffYC5OhhJGuASZmQ%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK_TSXJWDz4YnzXNzfOW%2Bw%2ByUAsBFMSBDsC8pdu52_iGHYgnow%40mail.gmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK_TSXL7-bwANF0hBi_oM25nv_-GKiYpYsffYC5OhhJGuASZmQ%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK_TSXJWDz4YnzXNzfOW%2Bw%2ByUAsBFMSBDsC8pdu52_iGHYgnow%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY9uBtvA0Rpid_HFDJOakwAG_uf_zYV%2Bn6BQk5L%3DJWKVzQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3DdE9qkz0DyCZ0AeVc30q5NJ54Q1iOiqBkObSz0%2B0ybesg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3258ddb-9354-43f8-9f35-5faf111c8df6%40chromium.org.