Intent to {ship, change behavior}: lowercase header names in XHR.getAllResponseHeaders()
29 views
Skip to first unread message
Raphael Kubo da Costa
Apr 20, 2017, 11:09:30 AM4/20/17
to blin...@chromium.org
Hirano-san started a thread earlier today asking whether this change
deserved an intent-to-something email. Since the consensus seems to be
that sending an intent message doesn't hurt, I'm starting this thread
that's a mix between an intent to implement and an intent to ship: this
is not about a new feature or API, but rather changing the behavior of
an existing API call.
Intent to Implement/Ship
------------------------
Return lower-case header names in XMLHttpRequest.getAllResponseHeaders()
Contact emails
--------------
raphael.ku...@intel.com
tyos...@chromium.org
yhi...@chromium.org
Spec
----
https://xhr.spec.whatwg.org/#the-getallresponseheaders%28%29-method
Summary
-------
In June 2016, the XHR spec was updated and getAllResponseHeaders()'s
description started referencing the Fetch spec to determine how the
headers and values should be returned:
<https://github.com/whatwg/xhr/commit/ecce3904ace0dbe382a652ea1d8e29c7885fe8c4>
Specifically, it refers to Fetch's "sort and combine" steps that include
lower-casing all header names, which was not the case before.
We'd like to align Blink's behavior with the spec and start lower-casing
the header names returned by XHR.getAllResponseHeaders().
Despite its title, http://crrev.com/2787003002 already did the same to
Blink's Fetch API code.
Motivation
----------
Align Blink's implementation with the spec, make more web-platform-tests
pass and reduce interoperability issues.
Interoperability risk
---------------------
Firefox: under development
https://bugzilla.mozilla.org/show_bug.cgi?id=1348390#c8
Edge: ?
Safari: Similar change landed in March 2017
https://bugs.webkit.org/show_bug.cgi?id=169286
Web developers: ?
Compatibility risk
------------------
This is the biggest question. Quoting Mike West in the other thread:
> it's a developer-visible change in behavior that you could imagine
> sufficiently brittle code relying on: `x == "Content-Type"` will fail
> tomorrow when it didn't fail today. I think lowercasing is a
> reasonable change to make, but it's something we'd also want to tell
> developers about in one way or another, and evaluate whether other
> vendors will hop on board.
Is this feature supported on all six Blink platforms?
-----------------------------------------------------
Yes.
Is this feature fully tested by web-platform-tests?
---------------------------------------------------
Yes.
Related bug report
------------------
https://bugs.chromium.org/p/chromium/issues/detail?id=700434
Requesting approval to ship the behavior change
-----------------------------------------------
Yes, in master (M60).
deserved an intent-to-something email. Since the consensus seems to be
that sending an intent message doesn't hurt, I'm starting this thread
that's a mix between an intent to implement and an intent to ship: this
is not about a new feature or API, but rather changing the behavior of
an existing API call.
Intent to Implement/Ship
------------------------
Return lower-case header names in XMLHttpRequest.getAllResponseHeaders()
Contact emails
--------------
raphael.ku...@intel.com
tyos...@chromium.org
yhi...@chromium.org
Spec
----
https://xhr.spec.whatwg.org/#the-getallresponseheaders%28%29-method
Summary
-------
In June 2016, the XHR spec was updated and getAllResponseHeaders()'s
description started referencing the Fetch spec to determine how the
headers and values should be returned:
<https://github.com/whatwg/xhr/commit/ecce3904ace0dbe382a652ea1d8e29c7885fe8c4>
Specifically, it refers to Fetch's "sort and combine" steps that include
lower-casing all header names, which was not the case before.
We'd like to align Blink's behavior with the spec and start lower-casing
the header names returned by XHR.getAllResponseHeaders().
Despite its title, http://crrev.com/2787003002 already did the same to
Blink's Fetch API code.
Motivation
----------
Align Blink's implementation with the spec, make more web-platform-tests
pass and reduce interoperability issues.
Interoperability risk
---------------------
Firefox: under development
https://bugzilla.mozilla.org/show_bug.cgi?id=1348390#c8
Edge: ?
Safari: Similar change landed in March 2017
https://bugs.webkit.org/show_bug.cgi?id=169286
Web developers: ?
Compatibility risk
------------------
This is the biggest question. Quoting Mike West in the other thread:
> it's a developer-visible change in behavior that you could imagine
> sufficiently brittle code relying on: `x == "Content-Type"` will fail
> tomorrow when it didn't fail today. I think lowercasing is a
> reasonable change to make, but it's something we'd also want to tell
> developers about in one way or another, and evaluate whether other
> vendors will hop on board.
Is this feature supported on all six Blink platforms?
-----------------------------------------------------
Yes.
Is this feature fully tested by web-platform-tests?
---------------------------------------------------
Yes.
Related bug report
------------------
https://bugs.chromium.org/p/chromium/issues/detail?id=700434
Requesting approval to ship the behavior change
-----------------------------------------------
Yes, in master (M60).
PhistucK
Apr 20, 2017, 12:10:51 PM4/20/17
to Raphael Kubo da Costa, blink-dev
Note that you should not use customized subject names, the template subjects -
Intent to ship: foo
Intent to implement and ship: foo
Intent to implement: foo
Intent to experiment: foo
Are needed for various tools to collect those intents and monitor them.
You maye want to resend it.
Regarding the intent itself -
I searched GitHub superficially and in the first page, I only found one usage instance of this that actually looks for header names in a case sensitive way. The rest were either smart about it (matched case insensitively), or were simply logging headers to the console or similar. While a single search results page is by no means exhaustive or extensive, obviously, it is a small indication that this might be relatively safe, especially given that getResponseHeader exists for getting values of specific headers.
☆PhistucK
On Thu, Apr 20, 2017 at 6:09 PM, Raphael Kubo da Costa <raphael.ku...@intel.com> wrote:
Hirano-san started a thread earlier today asking whether this change
deserved an intent-to-something email. Since the consensus seems to be
that sending an intent message doesn't hurt, I'm starting this thread
that's a mix between an intent to implement and an intent to ship: this
is not about a new feature or API, but rather changing the behavior of
an existing API call.
Intent to Implement/Ship
------------------------
Return lower-case header names in XMLHttpRequest.getAllResponseHeaders()
Contact emails
--------------
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Rick Byers
Apr 22, 2017, 4:00:31 AM4/22/17
to PhistucK, Raphael Kubo da Costa, blink-dev
Thanks for doing the GitHub search PhistucK - that gives us some amount of confidence.
Evaluating the compat risk (beyond just scanning existing websites) certainly seems tough on this one. Perhaps we should add a UseCounter for getAllResponseHeaders to place an upper bound on the possible breakage? If that's small (eg. <0.1% of page views) then I'd have no hesitation with just giving this a try. If it was large, then I'd probably advocate for some additional analysis (eg. we could try to do a more systemic look at the top hits in HTTP Archive). Other thoughts?
That WebKit has landed this already is helpful, but given that we'd still likely ship to a large audience before Safari, I think the compat risk is still really on us. I didn't see any real discussion of compat risk in their bug.
On Fri, Apr 21, 2017 at 1:10 AM, PhistucK <phis...@gmail.com> wrote:
Note that you should not use customized subject names, the template subjects -Intent to ship: fooIntent to implement and ship: fooIntent to implement: fooIntent to experiment: fooAre needed for various tools to collect those intents and monitor them.You maye want to resend it.Regarding the intent itself -I searched GitHub superficially and in the first page, I only found one usage instance of this that actually looks for header names in a case sensitive way. The rest were either smart about it (matched case insensitively), or were simply logging headers to the console or similar. While a single search results page is by no means exhaustive or extensive, obviously, it is a small indication that this might be relatively safe, especially given that getResponseHeader exists for getting values of specific headers.
☆PhistucK
On Thu, Apr 20, 2017 at 6:09 PM, Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> wrote:
Hirano-san started a thread earlier today asking whether this change
deserved an intent-to-something email. Since the consensus seems to be
that sending an intent message doesn't hurt, I'm starting this thread
that's a mix between an intent to implement and an intent to ship: this
is not about a new feature or API, but rather changing the behavior of
an existing API call.
Intent to Implement/Ship
------------------------
Return lower-case header names in XMLHttpRequest.getAllResponseHeaders()
Contact emails
--------------
Reply all
Reply to author
Forward
0 new messages