The change is in 135, sorry for the delay. Happy to make any changes. Thanks, Viktoria ________________________________ From: Vladimir Levin <vmp...@chromium.org> Sent: Tuesday, March 18, 2025 7:57 PM To: blink-dev <blink-dev@chromium.org> Cc: Viktoria Zlatinova <viktoria.zlatin...@microsoft.com> Subject: [EXTERNAL] Re: [blink-dev] Intent to Ship: Update HTTP request headers, body, and referrer policy on CORS redirect
On Tuesday, March 18, 2025 at 11:38:32 AM UTC-4 Viktoria Zlatinova wrote: Contact emails vizla...@microsoft.com<mailto:vizla...@microsoft.com>, toyos...@chromium.org<mailto:toyos...@chromium.org>, ba...@chromium.org<mailto:ba...@chromium.org> Explainer None Specification https://fetch.spec.whatwg.org/#http-redirect-fetch Summary Update the HTTP request on CORS redirect by removing the request-body-headers and body if the method has changed, and updating the referrer policy. These request updates align with the Fetch spec and match the behavior implemented by Firefox and Safari to improve compatibility. Blink component Blink>Network<https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ENetwork%22> TAG review None - This change is a bug fix to align with the Fetch spec and other browser behavior. TAG review status Not applicable Risks Interoperability and Compatibility The risk is low for updating the request on CORS redirect to align with the spec and other browsers, but there is still some compatibility risk in modifying existing behavior. Is the plan to enable the feature or do a gradual finch rollout? The latter may be a safer choice to monitor for unexpected breakages Gecko: Shipped/Shipping (https://wpt.fyi/results/xhr/send-redirect-to-cors.htm?label=experimental&label=master&aligned) WebKit: Shipped/Shipping (https://wpt.fyi/results/xhr/send-redirect-to-cors.htm?label=experimental&label=master&aligned) Web developers: Positive (https://issues.chromium.org/issues/40686262) Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability The request headers, body, and referrer policy can be inspected using the DevTools Network tab. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? Yes Is this feature fully tested by web-platform-tests<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? Yes https://wpt.fyi/results/xhr/send-redirect-to-cors.htm?label=experimental&label=master&aligned&q=cors Flag name on about://flags None Finch feature name UpdateRequestForCorsRedirect Requires code in //chrome? False Tracking bug https://issues.chromium.org/issues/40686262 Estimated milestones Shipping on desktop 135 Shipping on Android 135 Shipping on WebView 135 I assume this should be 136. Is that correct? Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5129859522887680?gate=5103003008499712 This intent message was generated by Chrome Platform Status<https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/MW4PR00MB1397D2A3906B16A246399AB686D92%40MW4PR00MB1397.namprd00.prod.outlook.com.
