Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks "v0.2" of ORB - Chrome's second step towards a full ORB implementation. ORB specifies error handling for blocked resources differently from CORB: ORB raises network errors, while CORB injects an empty response. ORB "v0.1" still used CORB-style response injection. This change brings our implementation more in line with the ORB proposal, by changing the error handling of all fetches (except when initiated by a script) to be compliant with ORB. We've made a carve-out for script-initiated fetches (where we retain CORB behaviour for now) to limit compatibility risk.
This release does not modify blocking behaviour, but only how a blocked resource is represented. Ideally, this change shouldn't break any existing code since any resource that loads (or gets blocked) before will continue to do so after. However, it is possible to distinguish between the different types of error handling, and it may well happen that an application inadvertently relies on blocked resources "succeeding". In our examinations so far, this chiefly concerns fetches using the `fetch()` API, where blocking with a network error results in a failed promise (instead of a success with an empty response). For this reason, we have carved out script-initiated fetches from "v0.2" and intend to handle them at a later date.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Shipping on desktop | 117 |
DevTrial on desktop | 115 |
Shipping on Android | 117 |
DevTrial on Android | 115 |
Shipping on WebView | 117 |
Contact emails
voge...@chromium.orgSpecification
https://github.com/whatwg/fetch/pull/1442Summary
Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks "v0.2" of ORB - Chrome's second step towards a full ORB implementation. ORB specifies error handling for blocked resources differently from CORB: ORB raises network errors, while CORB injects an empty response. ORB "v0.1" still used CORB-style response injection. This change brings our implementation more in line with the ORB proposal, by changing the error handling of all fetches (except when initiated by a script) to be compliant with ORB. We've made a carve-out for script-initiated fetches (where we retain CORB behaviour for now) to limit compatibility risk.
Blink component
Internals>Sandbox>SiteIsolationTAG review
None(A TAG review of a particular aspect happened in: https://github.com/w3ctag/design-reviews/issues/618)TAG review status
Not applicableRisks
Interoperability and Compatibility
This release does not modify blocking behaviour, but only how a blocked resource is represented. Ideally, this change shouldn't break any existing code since any resource that loads (or gets blocked) before will continue to do so after. However, it is possible to distinguish between the different types of error handling, and it may well happen that an application inadvertently relies on blocked resources "succeeding". In our examinations so far, this chiefly concerns fetches using the `fetch()` API, where blocking with a network error results in a failed promise (instead of a success with an empty response). For this reason, we have carved out script-initiated fetches from "v0.2" and intend to handle them at a later date.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPPNdN%3DO0j0MhcfudkBtMoYnELhVRJ5nLftB8c1T1UdwbQ%40mail.gmail.com.
On Fri, Jul 21, 2023 at 5:53 PM 'Daniel Vogelheim' via blink-dev <blin...@chromium.org> wrote:Contact emails
voge...@chromium.orgSpecification
https://github.com/whatwg/fetch/pull/1442Summary
Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks "v0.2" of ORB - Chrome's second step towards a full ORB implementation. ORB specifies error handling for blocked resources differently from CORB: ORB raises network errors, while CORB injects an empty response. ORB "v0.1" still used CORB-style response injection. This change brings our implementation more in line with the ORB proposal, by changing the error handling of all fetches (except when initiated by a script) to be compliant with ORB. We've made a carve-out for script-initiated fetches (where we retain CORB behaviour for now) to limit compatibility risk.
Blink component
Internals>Sandbox>SiteIsolationTAG review
None(A TAG review of a particular aspect happened in: https://github.com/w3ctag/design-reviews/issues/618)TAG review status
Not applicableRisks
Interoperability and Compatibility
This release does not modify blocking behaviour, but only how a blocked resource is represented. Ideally, this change shouldn't break any existing code since any resource that loads (or gets blocked) before will continue to do so after. However, it is possible to distinguish between the different types of error handling, and it may well happen that an application inadvertently relies on blocked resources "succeeding". In our examinations so far, this chiefly concerns fetches using the `fetch()` API, where blocking with a network error results in a failed promise (instead of a success with an empty response). For this reason, we have carved out script-initiated fetches from "v0.2" and intend to handle them at a later date.
OK, so how would this change be web exposed? Are there scenarios where an "error" event would now fire instead of a "load" event?
On Mon, Jul 24, 2023 at 5:24 PM Yoav Weiss <yoav...@chromium.org> wrote:On Fri, Jul 21, 2023 at 5:53 PM 'Daniel Vogelheim' via blink-dev <blin...@chromium.org> wrote:Contact emails
voge...@chromium.orgSpecification
https://github.com/whatwg/fetch/pull/1442Summary
Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks "v0.2" of ORB - Chrome's second step towards a full ORB implementation. ORB specifies error handling for blocked resources differently from CORB: ORB raises network errors, while CORB injects an empty response. ORB "v0.1" still used CORB-style response injection. This change brings our implementation more in line with the ORB proposal, by changing the error handling of all fetches (except when initiated by a script) to be compliant with ORB. We've made a carve-out for script-initiated fetches (where we retain CORB behaviour for now) to limit compatibility risk.
Blink component
Internals>Sandbox>SiteIsolationTAG review
None(A TAG review of a particular aspect happened in: https://github.com/w3ctag/design-reviews/issues/618)TAG review status
Not applicableRisks
Interoperability and Compatibility
This release does not modify blocking behaviour, but only how a blocked resource is represented. Ideally, this change shouldn't break any existing code since any resource that loads (or gets blocked) before will continue to do so after. However, it is possible to distinguish between the different types of error handling, and it may well happen that an application inadvertently relies on blocked resources "succeeding". In our examinations so far, this chiefly concerns fetches using the `fetch()` API, where blocking with a network error results in a failed promise (instead of a success with an empty response). For this reason, we have carved out script-initiated fetches from "v0.2" and intend to handle them at a later date.
OK, so how would this change be web exposed? Are there scenarios where an "error" event would now fire instead of a "load" event?Yes, exactly. If a site is waiting for an onload event - despite not really caring about whether the load is actually meaningful, since it currently already loads empty - then it would see a behavioural change.
On Mon, Jul 24, 2023 at 5:44 PM Daniel Vogelheim <voge...@google.com> wrote:On Mon, Jul 24, 2023 at 5:24 PM Yoav Weiss <yoav...@chromium.org> wrote:On Fri, Jul 21, 2023 at 5:53 PM 'Daniel Vogelheim' via blink-dev <blin...@chromium.org> wrote:Contact emails
voge...@chromium.orgSpecification
https://github.com/whatwg/fetch/pull/1442Summary
Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks "v0.2" of ORB - Chrome's second step towards a full ORB implementation. ORB specifies error handling for blocked resources differently from CORB: ORB raises network errors, while CORB injects an empty response. ORB "v0.1" still used CORB-style response injection. This change brings our implementation more in line with the ORB proposal, by changing the error handling of all fetches (except when initiated by a script) to be compliant with ORB. We've made a carve-out for script-initiated fetches (where we retain CORB behaviour for now) to limit compatibility risk.
Blink component
Internals>Sandbox>SiteIsolationTAG review
None(A TAG review of a particular aspect happened in: https://github.com/w3ctag/design-reviews/issues/618)TAG review status
Not applicableRisks
Interoperability and Compatibility
This release does not modify blocking behaviour, but only how a blocked resource is represented. Ideally, this change shouldn't break any existing code since any resource that loads (or gets blocked) before will continue to do so after. However, it is possible to distinguish between the different types of error handling, and it may well happen that an application inadvertently relies on blocked resources "succeeding". In our examinations so far, this chiefly concerns fetches using the `fetch()` API, where blocking with a network error results in a failed promise (instead of a success with an empty response). For this reason, we have carved out script-initiated fetches from "v0.2" and intend to handle them at a later date.
OK, so how would this change be web exposed? Are there scenarios where an "error" event would now fire instead of a "load" event?Yes, exactly. If a site is waiting for an onload event - despite not really caring about whether the load is actually meaningful, since it currently already loads empty - then it would see a behavioural change.Do we have stats on how often that would happen? (e.g. how often an onload event fires on an ORB empty resource?)
Gecko: No signal (https://bugzilla.mozilla.org/show_bug.cgi?id=1532642) In implementation.
Specification
https://github.com/whatwg/fetch/pull/1442
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVY%2BTDQMku-TkjrnkkeDu_%2B7Gf_d1u3UTs-AxZ9SxdXZA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAP-uykDddQpLPP%3DehPYSDdTVLi1qxMaOtsU5JXd9H%3DcLJRD5%2Bg%40mail.gmail.com.
Gecko has a variant of ORB enabled currently in early beta and earlier https://bugzilla.mozilla.org/show_bug.cgi?id=1821682We had full ORB, but had to relax the rules a bit similarly to what Blink has done, if I understood correctly.And there is also an experiment ongoing.But I can't recall the details whether Gecko's implementation matches Blink v0.2 exactly (and some folks are on vacation atm so I can't ask right now).
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMpGi0K71%3DF8i4SjKt_1RuVnpAiavv1mArDO--rzLSSwA%40mail.gmail.com.
LGTM3
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWcnLZhP39z%2B41fEhWSV-ZfhYCcaAae_EUDDtfXTxUuqw%40mail.gmail.com.
It looks like the spec PR here has been dormant for something like ~9 months. Are there any plans to help drive it to the finish line, especially given the TODOs listed in the OP? How should we all think about whatever work might remain there, and possibly deviate from what Chrome plans on shipping?
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/3ccd3d3a-ca7d-4df1-aa4c-69d62279d924%40chromium.org.
It looks like the spec PR here has been dormant for something like ~9 months. Are there any plans to help drive it to the finish line, especially given the TODOs listed in the OP? How should we all think about whatever work might remain there, and possibly deviate from what Chrome plans on shipping?Hello, I'm still a little curious if there are plans to advance the spec PR anymore, so that it matches what we're attempting to ship? Or is there something new that has superseded that work, making it (and my question) obsolete?
LGTM1 to turn it on in M118 beta and report back to this group about use counter results/bugs reported on beta before it reaches stable.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPOi_sOLKazGH-2fno%3DQXegL7oO6RyDe4c5zudWro3DGdA%40mail.gmail.com.