Merge request issue is at https://issues.chromium.org/issues/441770546 CL is at https://chromium-review.googlesource.com/c/chromium/src/+/6897886
On Thu, Aug 28, 2025 at 9:37 PM Yoav Weiss (@Shopify) < [email protected]> wrote: > > > On Thu, Aug 28, 2025 at 6:21 PM 'Krishna Govind' via blink-dev < > [email protected]> wrote: > >> Hi Mike, >> >> Thank you for including Srinivas and me in this discussion. >> >> Since M140 was released to early stable yesterday with this feature >> enabled by default and without all necessary approvals, it's critical that >> we merge the revert to M140 and recut the M140 Stable RC for release on >> Tuesday, September 2nd. >> >> I request that the revert be landed to trunk as soon as possible: [ >> https://chromium-review.googlesource.com/c/chromium/src/+/6895357] >> >> I have a few questions for clarity: >> >> >> - Is this feature applicable only to Windows? I'm asking because it's >> listed under the Blink component, but the bug only has OS=Windows >> applied: [ >> https://g-issues.chromium.org/issues/409959472]. >> >> I believe the feature is applicable to all OSes beyond iOS. > >> >> - How safe is it to disable this feature this late in the M140 >> release cycle? >> - The enabled-by-default CL >> <https://chromium-review.googlesource.com/c/chromium/src/+/6509110> >> landed on July 12th in Canary 140.0.7309.0, and we branched M140 >> (7339) on >> August 4th. >> >> I believe it's safe to disable. > >> >> - Do we have any coverage at all with this feature disabled? >> >> In terms of tests I believe the CL's revert also removes the relevant > WPTs. > > >> - Please provide a launch bug for this feature. >> >> https://issues.chromium.org/issues/409959472 > > >> We will need to create an IRM and request a postmortem for this. >> >> @Srinivas Sista <[email protected]> for his input as well. >> >> >> Thank you, >> Krishna >> >> On Thu, Aug 28, 2025 at 8:39 AM Mike Taylor <[email protected]> >> wrote: >> >>> Thanks Helmet - please don't be too hard on yourself. We've all been >>> there. :) >>> >>> For now, I would recommend getting the revert landed and requesting a >>> merge into beta. Thanks for requesting the other reviews. >>> On 8/28/25 5:36 p.m., Helmut Januschka wrote: >>> >>> again, super sorry, this might be the single worst chromium day i had >>> since my first contribution. >>> tried to fillout everything in chromestatus entry, and request all the >>> reviews again. >>> >>> a revert CL is here: >>> https://chromium-review.googlesource.com/c/chromium/src/+/6895357 ready >>> to review/submit. >>> >>> just a note, about potential breakage, the WPT's i added, did pass on >>> other browsers already (that should be no excuse; but might be a hint of a >>> hopefully non-nuclear blast radius) >>> >>> please feel free - to let me know what the next steps are, i am fully >>> committed to do whatever is necessary to turn this situation into a >>> positive state. >>> >>> Am Do., 28. Aug. 2025 um 16:54 Uhr schrieb Mike Taylor < >>> [email protected]>: >>> >>>> Hey Helmut, >>>> >>>> Oops. It's unfortunate that this feature is missing Privacy, Security, >>>> Enterprise, Debuggability & Testing reviews (per Chris' request back in >>>> May)... but I think more concerning is the fact that it's not guarded >>>> behind a feature flag. If we do end up breaking some sites (the risk seems >>>> pretty low, I think... but not zero, and sometimes it takes a few months >>>> for subtle bugs to be understood), we don't have an easy way to disable >>>> this besides merges and a Stable respin. My instinct would be to revert the >>>> CL on trunk and get that merged to 141 Beta ASAP. Adding M140 release >>>> owners Srinivas and Krishna for their guidance on what to do for the stable >>>> release (maybe nothing is the right answer - it doesn't seem like an >>>> emergency right now). >>>> >>>> You could then re-land the feature behind a disabled-by-default flag, >>>> and work through the normal reviews process. >>>> >>>> (There are also unanswered questions from Chris that would help API >>>> OWNERs review the feature - can you answer those and kick off the reviews >>>> in the chromestatus entry?) >>>> >>>> thanks, >>>> Mike >>>> On 8/27/25 4:11 p.m., Helmut Januschka wrote: >>>> >>>> Hi all, >>>> >>>> I mistakenly landed the [CL]( >>>> https://chromium-review.googlesource.com/c/chromium/src/+/6509110) in >>>> M140 before getting the intent to ship approved. My apologies for that. >>>> >>>> >>>> I'd appreciate guidance on how to proceed, given that. >>>> One way to go would be to keep the CL landed, and get your approvals >>>> (and the approval of the various checks retroactively). >>>> Another would be to revert the CL and try to merge-back that revert to >>>> 140 (allthough stable cut was yesterday :'( ). >>>> >>>> Please let me know which way you prefer to go. >>>> >>>> Thanks, >>>> >>>> Chris Harrelson schrieb am Mittwoch, 14. Mai 2025 um 17:13:58 UTC+2: >>>> >>>>> Please also fill out the Privacy, Security, Enterprise, Debuggability >>>>> and Testing sections in the chromestatus entry. >>>>> >>>>> On Tue, May 13, 2025 at 9:51 PM Domenic Denicola <[email protected]> >>>>> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Wed, May 14, 2025 at 5:10 AM Chromestatus < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Contact emails [email protected] >>>>>>> >>>>>>> Explainer None >>>>>>> >>>>>>> Specification >>>>>>> https://html.spec.whatwg.org/multipage/links.html#link-type-modulepreload:script-fetch-options >>>>>>> >>>>>>> Summary >>>>>>> >>>>>>> Fixes modulepreload to properly send referrer headers by using >>>>>>> ClientReferrerString() instead of NoReferrer(). This aligns Chrome with >>>>>>> the >>>>>>> HTML specification which requires using the client's referrer for module >>>>>>> fetches. Includes WPT test verifying both dynamic imports and >>>>>>> modulepreload >>>>>>> correctly send referrer headers. >>>>>>> >>>>>> >>>>>> Can you update this to talk about what effects web developers see, >>>>>> instead of using the names of Chromium-codebase functions? This summary >>>>>> will be reflected to web developer-facing blog posts and such. >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> Blink component Blink>Loader>Preload >>>>>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ELoader%3EPreload%22> >>>>>>> >>>>>>> TAG review None >>>>>>> >>>>>>> TAG review status Not applicable >>>>>>> >>>>>>> Risks >>>>>>> >>>>>>> >>>>>>> Interoperability and Compatibility >>>>>>> >>>>>>> The primary risk is that some servers may have adapted to Chrome's >>>>>>> non-standard behavior, implementing logic that assumes modulepreload >>>>>>> requests will never include referrer headers. These systems could >>>>>>> potentially mishandle or reject requests with the newly added referrer >>>>>>> information. However, this risk is mitigated by the fact that other >>>>>>> major >>>>>>> browsers already implement the correct behavior, meaning most >>>>>>> cross-browser >>>>>>> web applications should already handle referrer headers properly. >>>>>>> Additionally, since modulepreload is a relatively recent feature, >>>>>>> widespread dependence on the incorrect behavior is unlikely. The >>>>>>> benefit of >>>>>>> standards compliance and consistent behavior across script loading >>>>>>> methods >>>>>>> outweighs these potential compatibility concerns. >>>>>>> >>>>>>> >>>>>>> *Gecko*: Shipped/Shipping >>>>>>> >>>>>>> *WebKit*: Shipped/Shipping >>>>>>> >>>>>>> *Web developers*: No signals >>>>>>> >>>>>>> *Other signals*: >>>>>>> >>>>>>> WebView application risks >>>>>>> >>>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>>> that it has potentially high risk for Android WebView-based >>>>>>> applications? >>>>>>> >>>>>>> None >>>>>>> >>>>>>> >>>>>>> Debuggability >>>>>>> >>>>>>> None >>>>>>> >>>>>>> >>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? No >>>>>>> >>>>>>> Is this feature fully tested by web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>> ? No >>>>>> >>>>>> >>>>>> Above you said there were WPTs, but here you say there are not. Which >>>>>> is correct? If there are such tests, can you provide links to them? >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> Flag name on about://flags None >>>>>>> >>>>>>> Finch feature name None >>>>>>> >>>>>>> Non-finch justification None >>>>>> >>>>>> >>>>>> Either a Finch feature name or (rarely) a non-Finch justification is >>>>>> necessary for any possibly-breaking change like this. >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> Rollout plan Will ship enabled for all users >>>>>>> >>>>>>> Requires code in //chrome? False >>>>>>> >>>>>>> Tracking bug https://crbug.com/409959472 >>>>>>> >>>>>>> Estimated milestones >>>>>>> >>>>>>> No milestones specified >>>>>>> >>>>>>> >>>>>>> Anticipated spec changes >>>>>>> >>>>>>> Open questions about a feature may be a source of future web compat >>>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>>> issues in the project for the feature specification) whose resolution >>>>>>> may >>>>>>> introduce web compat/interop risk (e.g., changing to naming or >>>>>>> structure of >>>>>>> the API in a non-backward-compatible way). >>>>>>> None >>>>>>> >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> https://chromestatus.com/feature/5144463990849536?gate=4969922291302400 >>>>>>> >>>>>>> This intent message was generated by Chrome Platform Status >>>>>>> <https://chromestatus.com>. >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6823a747.050a0220.624fd.01b3.GAE%40google.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6823a747.050a0220.624fd.01b3.GAE%40google.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> >>>>> To view this discussion visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-BywrbKFHpjkM-SVespzLEesezHZSkn9S_vy1UrWXKjQ%40mail.gmail.com >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-BywrbKFHpjkM-SVespzLEesezHZSkn9S_vy1UrWXKjQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b42f99d4-1881-476a-acfc-e98bde8dee54n%40chromium.org >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b42f99d4-1881-476a-acfc-e98bde8dee54n%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMf41adLTqu70hNjXPWUZBEW8QXS53WKAdBH-Wy0G3bh40dBXA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMf41adLTqu70hNjXPWUZBEW8QXS53WKAdBH-Wy0G3bh40dBXA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohS%2BnkEywgfJf%3DK7xaRP_8uaWBkOgyW1-gqZP5jFV_JdOCg%40mail.gmail.com.
