[blink-dev] Intent to Ship: Update HTTP request headers, body, and referrer policy on CORS redirect


Viktoria Zlatinova

Mar 18, 2025, 11:38:32 AM
to blin...@chromium.org
Contact emails
Explainer
None

Specification
Summary
Update the HTTP request on CORS redirect by removing the request-body-headers and body if the method has changed, and updating the referrer policy. These request updates align with the Fetch spec and match the behavior implemented by Firefox and Safari to improve compatibility.


Blink component
TAG review
None - This change is a bug fix to align with the Fetch spec and other browser behavior.

TAG review status
Not applicable

Risks


Interoperability and Compatibility
The risk is low for updating the request on CORS redirect to align with the spec and other browsers, but there is still some compatibility risk in modifying existing behavior.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None


Debuggability
The request headers, body, and referrer policy can be inspected using the DevTools Network tab.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
Yes

Is this feature fully tested by web-platform-tests?
Yes


Flag name on about://flags
None

Finch feature name
UpdateRequestForCorsRedirect

Requires code in //chrome?
False

Tracking bug
Estimated milestones
Shipping on desktop
135
Shipping on Android
135
Shipping on WebView
135


Anticipated spec changes
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
None

Link to entry on the Chrome Platform Status
This intent message was generated by Chrome Platform Status.
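
Added example (not part of the original message and not Chromium's code): a small model of the request update the Summary describes, following the Fetch redirect step. Field names, the lower-cased response header keys and the sample URLs are assumptions; referrer-policy tokens are matched case-insensitively in this model.

```javascript
// Added model of the redirect step described in the intent; not Chromium code.
// Field names and lower-cased response header keys are assumptions.
const REQUEST_BODY_HEADERS = new Set([
  "content-encoding", "content-language", "content-location", "content-type",
]);
const REFERRER_POLICIES = new Set([
  "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
  "strict-origin", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "unsafe-url",
]);
// The last recognised token wins; unknown tokens are ignored.
function parseReferrerPolicy(value) {
  let policy = "";
  for (const token of (value || "").split(",")) {
    const t = token.trim().toLowerCase();
    if (REFERRER_POLICIES.has(t)) policy = t;
  }
  return policy;
}

// Returns the request that would be sent to the redirect target.
function updateRequestForRedirect(request, response) {
  const next = { ...request, headers: { ...request.headers } };
  const method = request.method.toUpperCase();
  const redirectedPost = [301, 302].includes(response.status) && method === "POST";
  const seeOther = response.status === 303 && method !== "GET" && method !== "HEAD";
  if (redirectedPost || seeOther) {
    next.method = "GET";   // method changes, so the body and its headers go
    next.body = null;
    for (const name of Object.keys(next.headers)) {
      if (REQUEST_BODY_HEADERS.has(name.toLowerCase())) delete next.headers[name];
    }
  }
  const policy = parseReferrerPolicy(response.headers["referrer-policy"]);
  if (policy !== "") next.referrerPolicy = policy; // redirect response can update it
  next.url = new URL(response.headers["location"], request.url).href;
  return next;
}

// Constructed sample: a cross-origin POST answered with a 302.
const sampleRequest = {
  method: "POST", url: "https://app.example/submit", body: '{"token":"abc"}',
  referrerPolicy: "unsafe-url", headers: { "Content-Type": "application/json", Accept: "*/*" },
};
const sampleResponse = {
  status: 302, headers: { location: "https://other.example/done", "referrer-policy": "no-referrer" },
};
console.log(updateRequestForRedirect(sampleRequest, sampleResponse));
```

A 307 or 308 response leaves the method, body and body headers untouched in this model, which is the case to compare against in the DevTools Network tab.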

Vladimir Levin

Mar 18, 2025, 10:57:45 PM
to blink-dev, Viktoria Zlatinova
On Tuesday, March 18, 2025 at 11:38:32 AM UTC-4 Viktoria Zlatinova wrote:
Contact emails
Explainer
None

Specification
Summary
Update the HTTP request on CORS redirect by removing the request-body-headers and body if the method has changed, and updating the referrer policy. These request updates align with the Fetch spec and match the behavior implemented by Firefox and Safari to improve compatibility.


Blink component
TAG review
None - This change is a bug fix to align with the Fetch spec and other browser behavior.

TAG review status
Not applicable

Risks


Interoperability and Compatibility
The risk is low for updating the request on CORS redirect to align with the spec and other browsers, but there is still some compatibility risk in modifying existing behavior.

Is the plan to enable the feature or do a gradual Finch rollout? The latter may be a safer choice to monitor for unexpected breakages.
I assume this should be 136. Is that correct?

Viktoria Zlatinova

Mar 19, 2025, 5:09:55 PM
to Vladimir Levin, blink-dev
The change is in 135, sorry for the delay. Happy to make any changes.

Thanks,
Viktoria

From: Vladimir Levin <vmp...@chromium.org>
Sent: Tuesday, March 18, 2025 7:57 PM
To: blink-dev <blin...@chromium.org>
Cc: Viktoria Zlatinova <Viktoria....@microsoft.com>
Subject: [EXTERNAL] Re: [blink-dev] Intent to Ship: Update HTTP request headers, body, and referrer policy on CORS redirect
 

Alex Russell

Mar 24, 2025, 2:17:38 PM
to blink-dev, Viktoria Zlatinova, Vladimir Levin
LGTM1

On Wednesday, March 19, 2025 at 2:09:55 PM UTC-7 Viktoria Zlatinova wrote:
The change is in 135, sorry for the delay. Happy to make any changes.

Thanks,
Viktoria

From: Vladimir Levin <vmp...@chromium.org>
Sent: Tuesday, March 18, 2025 7:57 PM
To: blink-dev <blin...@chromium.org>
Cc: Viktoria Zlatinova <Viktoria.Zlatinova@microsoft.com>

Domenic Denicola

Mar 24, 2025, 10:28:16 PM
to blink-dev, Alex Russell, Viktoria Zlatinova, Vladimir Levin
LGTM2.

I don't believe a gradual Finch rollout is necessary. (Nor do I think it's a good idea; it would lead to non-reproducible heisenbugs for web developers where they see different results in different browser sessions.)

But, we should stay vigilant on compat implications and use Finch to killswitch this change if there are unanticipated breakages.

Mike Taylor

Mar 26, 2025, 9:28:13 AM
to Domenic Denicola, blink-dev, Alex Russell, Viktoria Zlatinova, Vladimir Levin

LGTM3

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1d309905-4989-497d-9fe1-425cb542bfedn%40chromium.org.