CORB: update the console message |
||||||||
Issue description
Currently the CORB console error looks as follows:
Blocked current origin from receiving cross-site document at <url> with MIME type <type>.
We should:
- s/cross-site/cross-origin/
- add some references to Cross-Origin Read Blocking (CORB)
- maybe include "Cross-Origin Read Blocking (CORB)" in the console message itself?
- maybe include a link to the explainer?
,
May 23 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4742a48e3739bb63798d9bf2e5aafdfe3af1d044 commit 4742a48e3739bb63798d9bf2e5aafdfe3af1d044 Author: Lukasz Anforowicz <lukasza@chromium.org> Date: Wed May 23 22:02:06 2018 Tweak the console message for CORB-protected responses. Bug: 829874 Change-Id: I76f1a5a795db62d32e550f0b9e7f3a7eeac22b90 Reviewed-on: https://chromium-review.googlesource.com/1069344 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#561268} [modify] https://crrev.com/4742a48e3739bb63798d9bf2e5aafdfe3af1d044/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js
,
May 23 2018
govind@, is the CL in #c2 something that you would still consider for merging into M66? So far the change hasn't even made it into a Canary (I did some light testing on a local build of Chrome), but I thought that it would be good to loop you in early. The CL is very simple and low risk: - No code/behavior changes - The CL only changes contents of a hardcoded string literal with a message emitted by DevTools when CORB (part of Site Isolation) blocks a response. This string doesn't appear to need localization (the string will be consumed by web developers + the string doesn't appear in any grd or other localization-related files on Chromium Code Search). Having the CL in M67 would hopefully mean that we will be able to get better/earlier reports of CORB issues that might surface during Site Isolation launch. This CL is definitely not a blocker and we can certainly go ahead with the Site Isolation launch without the CL from #c2, but I think that merging this CL into M67 might still be desirable. PS. creis@ and me plan to work tomorrow to revise https://www.chromestatus.com/feature/5629709824032768 so that it gives the right information to web developers who might end there because of the console message revised in #c2 (the tentative plan is to put a longer explanation into a separate "CORB guidance for web developers" section in the CORB explainer and link there from the chromestatus.com page).
,
May 23 2018
This bug requires manual review: We are only 5 days from stable. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 23 2018
Pls update the bug with canary result tomorrow. Also is CL listed at #2 critical to include in M67 stable promotion (First M67 stable release)? OR can it be included in next M67 stable respin (if any)? Pls apply appropriate OSs label as well. Thank you.
,
May 23 2018
To be clear, comment 3 is about merging to M67, not M66. :) I can see the benefit of merging this to M67 to have error messages that are more actionable for users, since this will be more visible when Site Isolation is enabled. It's definitely a low risk change, but I agree with the plan to wait until the CL is in tomorrow's Canary to do the merge. Comment 5: It is not critical to have this CL in the first M67 stable promotion, so if this week's beta becomes the first stable build without having this CL, that's fine. Merging it tomorrow would at least include the change in the next M67 stable respin, which seems sufficient to me. Thanks!
,
May 23 2018
Thank you creis@. Yeah, comment #3 is for M67 merge :-) OK, pls update the bug with canary result tomorrow. Once merged it will either go to 1st Stable (if we retrigger RC) or next stable respin (if any).
,
May 24 2018
The NextAction date has arrived: 2018-05-24
,
May 24 2018
I've verified in 68.0.3439.0 Canary on Windows, that the console message looks correct - for example: Cross-Origin Read Blocking (CORB) blocked cross-origin response https://googleads.g.doubleclick.net/pagead/ide_cookie with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
,
May 24 2018
Approving merge to M67 branch 3396 based on comments #6 and #9. Please merge. Thank you.
,
May 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/72d22c6b4ee9521952e73a520aaf62b8789912ac commit 72d22c6b4ee9521952e73a520aaf62b8789912ac Author: Lukasz Anforowicz <lukasza@chromium.org> Date: Thu May 24 17:33:24 2018 Tweak the console message for CORB-protected responses. TBR=lukasza@chromium.org (cherry picked from commit 4742a48e3739bb63798d9bf2e5aafdfe3af1d044) Bug: 829874 Change-Id: I76f1a5a795db62d32e550f0b9e7f3a7eeac22b90 Reviewed-on: https://chromium-review.googlesource.com/1069344 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#561268} Reviewed-on: https://chromium-review.googlesource.com/1072035 Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/branch-heads/3396@{#692} Cr-Branched-From: 9ef2aa869bc7bc0c089e255d698cca6e47d6b038-refs/heads/master@{#550428} [modify] https://crrev.com/72d22c6b4ee9521952e73a520aaf62b8789912ac/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js
,
May 29 2018
Tested the issue on latest chrome stable# 67.0.3396.62 using Mac 10.12.6 with steps mentioned below: 1) Launched chrome version and followed the reproducible steps as mentioned in https://anforowicz.github.io/xsdb-demo/index.html 2) In Devtools > Console saying: Blocked current origin from receiving cross-site document at https://www.chromium.org/ with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details. 3) Clicked on the image button and observed the increment of "1 - blocked without sniffing" events, on every click on the image button the value increases, find the attached screencast for observations from Chrome://histograms @Lukasz Anforowicz: Please find the attached screencast for your reference and let us know if we missed anything in verifying the fix and help us in confirming the fix. Thanks!
,
May 29 2018
Thank you for running verification steps and providing a screencast. The behavior observed is expected: 1. CORB is expected to block each of the images added using the demo button (and I see that this is properly reflected in chrome://histograms) 2. The new, expected console message can be seen in the screencast I will update the demo page to update the new console message (to the new version seen in the screencast). |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by lukasza@chromium.org
, May 22 2018