Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove CORB #1441

Merged
merged 1 commit into from
May 25, 2022
Merged

Remove CORB #1441

merged 1 commit into from
May 25, 2022

Conversation

annevk
Copy link
Member

@annevk annevk commented May 16, 2022
edited by pr-preview bot
Loading

It's not implemented as specified and only has one interested implementer.

  • At least two implementers are interested (and none opposed):
  • Tests are written and can be reviewed and commented upon at:
  • Implementation bugs are filed:
    • Chrome: …
    • Firefox: …
    • Safari: …
    • Deno (not for CORS changes): …

(See WHATWG Working Mode: Changes for more details.)

Preview | Diff

@annevk
Remove CORB
c4532ce 
It's not implemented as specified and only has one interested implementer.
@annevk annevk added the removal/deprecation Removing or deprecating a feature label May 16, 2022
@annevk
Copy link
Member Author

annevk commented May 16, 2022

@anforowicz you probably know best what would need to happen here in terms of test changes. I was thinking I would create a PR for ORB on top of this so we'd have a clean slate.

@anforowicz
Copy link
Contributor

I support removing CORB from the spec and WPT. I hope that existing CORB WPT coverage can be refactored to support/cover ORB instead:

  1. Expecting blocked responses to hit a network error (instead of just having an empty response body). FWIW I've pinged https://crbug.com/827633 - one action item for Chrome might be to quantify the perceived risk of blocking-by-network-error VS blocking-by-injecting-empty-response-body (and if that risk is small, then Chrome should just switch to blocking-by-network-error).
  2. Covering additional scenarios where CORB and ORB differ in their allow-vs-block decision. (It seems that most of the CORB-specific WPT testcases cover scenarios where ORB would behave in a similar way wrt allow-vs-block decision.)

@anforowicz
Copy link
Contributor

Focusing on this specific PR:

  • This PR LGTM.
  • I wonder if before landing this PR, it might be worth putting together (and discussing/reviewing) a PR that adds ORB to the spec.

@annevk
Copy link
Member Author

annevk commented May 16, 2022

I suspect I'll have enough time tomorrow to put a draft ORB PR up. That will be based on the existing text. I'll also try to triage the ORB issues to figure out which need to be resolved for v0.

@annevk
Copy link
Member Author

annevk commented May 17, 2022

Okay, #1442 is now up for early review. It also gives a basic outline of the issues we still need to resolve.

This was referenced May 17, 2022
Closed
Closed
Closed
@annevk
Copy link
Member Author

annevk commented May 18, 2022

I plan to land this one week from now. Please chime in if you have concerns.

@KhafraDev KhafraDev mentioned this pull request May 20, 2022
Merged
@annevk annevk merged commit 78f9bdd into main May 25, 2022
@annevk annevk deleted the annevk/corb branch May 25, 2022 08:18
fmarier added a commit to fmarier/webappsec-post-spectre-webdev that referenced this pull request Jun 30, 2023
@fmarier
Replace CORB link with Chromium explainer
503e3b7 
CORB was removed from Fetch in 2022 and so the existing links no
longer work: whatwg/fetch#1441
@fmarier fmarier mentioned this pull request Jun 30, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
removal/deprecation Removing or deprecating a feature topic: orb
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@annevk @anforowicz