Chrome 93: Multi-Screen Window Placement, PWAs as URL Handlers, and More

Chrome 93: Multi-Screen Window Placement, PWAs as URL Handlers, and More
2021-07-30 04:00:00 Author: www.blogger.com(查看原文) 阅读量:46 收藏

tag:blogger.com,1999:blog-2471378914199150966.post-72083172189312274592021-07-29T12:00:00.005-07:002021-07-29T13:05:08.226-07:00Chrome 93: Multi-Screen Window Placement, PWAs as URL Handlers, and More<p>Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Android WebView, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on <a href="https://www.chromestatus.com/features#milestone%3D76">ChromeStatus.com</a>. Chrome 93 is beta as of July 29, 2021.</p> <h2>Origin Trials</h2><p>This version of Chrome introduces the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the <a href="https://developers.chrome.com/origintrials/#/trials/active">Chrome Origin Trials dashboard</a>. To learn more about origin trials in Chrome, visit the <a href="https://web.dev/origin-trials/">Origin Trials Guide for Web Developers</a>. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the <a href="https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/">Microsoft Edge Origin Trials Developer Console</a>. </p> <h3>New Origin Trials</h3> <h4>Cross-Origin-Embedder-Policy: credentialless</h4><p>Cross-origin no-CORS requests <a href="https://developer.chrome.com/origintrials/#/view_trial/3036552048754556929">can now be made to omit credentials</a> (cookies, client certificates, etc.) using the <code>credentialless</code> keyword. Similarly to <code>COEP: require-corp</code>, it can enable cross-origin isolation.</p> <p>Sites that wish to continue using <code>SharedArrayBuffer</code> must opt-in to cross-origin isolation. Today, <code>COEP: require-corp</code> exists, and is used to enable cross-origin isolation. It is functional and solid, but turns out to be difficult to deploy at scale, as it requires all subresources to explicitly opt-in. This is fine for some sites, but creates dependency problems for sites that gather content from users (Google Earth, social media generally, forums, etc.).</p> <h4>Multi-Screen Window Placement</h4><p>The <a href="https://web.dev/multi-screen-window-placement/">Multi-Screen Window Placement API</a> allows you to place windows on any display connected to your machine, store that placement, and make a window full-screen on any display. With this API, a presentation app can show slides on one screen and speaker notes on another. An art or music creation app can place palettes on a second screen. And a restaurant can show a touchscreen menu on a kiosk and a separate window for employees. Incorporating developer feedback from the first origin trial, the API enters a second origin trial with an improved shape and ergonomics.</p> <h4>Window Controls Overlay for Installed Desktop Web Apps</h4><p>Window controls overlay extends an app's client area to cover the entire window, including the title bar, and the window control buttons (close, maximize/restore, minimize). The web app developer is responsible for drawing and input-handling for the entire window except for the window controls overlay. Developers can use this feature to make their installed desktop web apps look like O.S. apps. For more information, see <a href="https://web.dev/window-controls-overlay/">Customize the window controls overlay of your PWA's title bar</a>.</p> <h4>PWAs as URL Handlers</h4><p><a href="https://web.dev/pwa-url-handler/">PWA as URL Handlers</a> allows apps like <code>music.example.com</code> to register themselves as URL handlers for URLs that match patterns like <code>https://music.example.com</code>, <code>https://*.music.example.com</code>, or <code>https://🎵.example.com</code>, so that links from outside of the PWA, for example, from an instant messenger application or an email client, open in the installed PWA rather than in a browser tab.</p> <h3>Completed Origin Trials</h3><p>The following features, previously in a Chrome origin trial, are now enabled by default.</p> <h4>Subresource loading with Web Bundles</h4><p><a href="https://www.chromestatus.com/feature/5710618575241216">Web Bundles</a> provides a new approach to load a large number of resources efficiently using a format that allows multiple resources to be bundled. This feature addresses issues with previous approaches to resource bundling. </p> <p>The output of some JavaScript bundlers does not interact well with the HTTP cache and configuring them can sometimes be difficult. Even with bundled JavaScript, execution needs to wait for all bytes to download. Ideally loading multiple subresources should use streaming and parallelization, which is not possible with one JavaScript file. For JavaScript modules, execution still needs to wait for an entire resource tree to download because of deterministic execution.</p> <h4>WebXR Plane Detection API</h4><p>WebXR applications can now <a href="https://www.chromestatus.com/feature/5732397976911872">retrieve data about planes present in a user's environment</a>, which enables augmented reality applications to create more immersive experiences. Without this feature, developers would have to resort to running their own computer vision algorithms on data from <code>getUserMedia()</code> (available on <code>navigator</code> and <code>MediaDevices</code>) in order to detect planes present in the users' environment. Such solutions have thus far been unable to match the quality and accuracy of native augmented reality capabilities or support world scale.</p> <h2>Other features in this release</h2> <h4>AbortSignal.abort() Static Method</h4><p><a href="https://www.chromestatus.com/feature/5642501387976704"><code>AbortSignal.abort()</code> is a static method</a> that allows creating a new <code>AbortSignal</code> object that is already aborted. It is similar in spirit to <code>Promise.reject()</code>, and provides improved developer ergonomics.</p> <p>Web developers have found aborted <code>AbortSignal</code> objects to be useful for a variety of purposes. They signify to JavaScript APIs that no work should be done. Currently, creating an already-aborted <code>AbortSignal</code> object requires multiple lines of code. <code>AbortSignal.abort()</code> requires one:<br /><br /><code>return AbortSignal.abort();</code></p> <h4>CSS Flexbox: Support Alignment Keywords start, end, self-start, self-end, left, right</h4><p>The flexbox and flex items <a href="https://www.chromestatus.com/feature/5777880099323904">now obey</a> <a href="https://drafts.csswg.org/css-align-3/#positional-values">positional alignment keywords</a>. Flexbox previously only obeyed <code>center</code>, <code>flex-start</code>, and <code>flex-end</code>. The additional alignment keywords (<code>start</code>, <code>end</code>, <code>self-start</code>, <code>self-end</code>, <code>left</code>, <code>right</code>) allow authors to more easily align the flex items in the face of varying writing modes and flex flows.</p> <p>Without these additional keywords, developers need to change the keyword values whenever they change the writing mode, text direction, or flex reversal properties (<code>flex-direction: row-reverse</code>, <code>flex-direction:column-reverse</code> or <code>align-content: wrap-reverse</code>). The keywords implemented here let them set alignment once.</p> <h4>Error.cause Property</h4><p>The <code>Error()</code> constructor supports <a href="https://www.chromestatus.com/feature/5727099325251584">a new options property called cause</a>, which will be assigned to the error as a property. This allows errors to be chained without unnecessary and overelaborate formalities on wrapping the errors in conditions.</p> <h4>Honor Media HTML Attribute for meta name=theme-color</h4><p><a href="https://www.chromestatus.com/feature/5764461413531648">The meta element's "media" attribute will be honored</a> for <code>meta[name="theme-color"]</code> so that web developers can adjust the <a href="https://web.dev/add-manifest/#theme-color">theme color</a> of their site based on a media query (dark and light modes for instance). The first one that matches will be picked.</p> <h4>noplaybackrate in HTMLMediaElement.controlsList </h4><p>The <a href="https://www.chromestatus.com/feature/5092414224072704">HTMLMediaElement.controlsList property now supports <code>noplaybackrate</code></a>, which allows websites to enabled or disable the playback speed control exposed by the browser. With browser vendors adding playback speed control to their media controls, developers should have a way to control the visibility of this new control. Try the new property on the <a href="https://googlechrome.github.io/samples/media/controlslist-noplaybackrate.html"><code>noplaybackrate</code> in <code>HTMLMediaElement.controlsList</code> Sample</a>.</p> <h4>Sec-CH-Prefers-Color-Scheme Client Hint Header</h4><p>The CSS user preference media feature <a href="https://web.dev/prefers-color-scheme/"><code>prefers-color-scheme</code></a> has a potentially significant impact on the amount of CSS that needs to be delivered by a page and on the experience the user is going to have when the page loads. The new <a href="https://github.com/WICG/user-preference-media-features-headers#demo-of-sec-ch-prefers-color-scheme"><code>Sec-CH-Prefers-Color-Scheme</code></a> client hint header allows sites to obtain the user's preference optionally at request time, allowing servers to inline the right CSS and therefore avoid a flash of incorrect color theme.</p> <h4>User-Agent Client Hints API Updates</h4><p>This version of Chrome adds <a href="https://www.chromestatus.com/feature/5733498725859328">four new features and changes</a> to the User-Agent client hints API.</p> <ul><li><strong>Sec-CH-UA-Bitness:</strong> a request header that gives a server information about the bitness of the architecture of the platform on which a given user agent is executing. Bitness is the number of bits comprising the basic value a particular system can evaluate.<br /></li><li><strong>Make Sec-CH-UA-Platform a low-entropy hint: </strong><code>Sec-CH-UA-Platform</code> is a request header that gives a server information about the platform on which a given user agent is executing.<br /></li><li><strong>Adds low-entropy hints to UADataValues.getHighEntropyValues():</strong> If a hint moves from high to low-entropy, this future proofs any code relying on it.</li></ul> <ul><li><strong>Improves</strong> <strong>NavigatorUAData.toJSON() method:</strong> This method now returns useful data.</li></ul> <p>Low-entropy hints are those that don't give away too much information, or give information that would be too easy to discover in other ways to realistically hide. In the context of client hints, this means that these hints are available in every request, whether or not the origin involved requested it or whether the frame involved is a first or third party context.</p> <h4>WebOTP API: Cross-Device Support</h4><p><a href="https://developer.chrome.com/blog/cross-device-webotp/">The WebOTP API will now be supported on desktop</a> when both Chrome on Desktop and Android Chrome are logged in using the same Google account. The WebOPT API provides the ability to programmatically read a one-time code from specially-formatted SMS messages addressed to their origin, reducing user friction during sign-on. Previously, this was only available on mobile devices where SMS was supported.</p><br /> <div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-oCrRm9VsjlM/YQL2nhKWCVI/AAAAAAAABoU/4pFRb6XRGRMWzuS8xsnowCVLQCPcQKb9ACLcBGAsYHQ/s800/webotp-demo.gif" style="margin-left: 1em; margin-right: 1em;"><img alt="Demo of WebOTP API: Cross-Device Support" border="0" data-original-height="525" data-original-width="800" height="419" src="https://1.bp.blogspot.com/-oCrRm9VsjlM/YQL2nhKWCVI/AAAAAAAABoU/4pFRb6XRGRMWzuS8xsnowCVLQCPcQKb9ACLcBGAsYHQ/w640-h419/webotp-demo.gif" width="640" /></a></div> <h2>JavaScript</h2><p>This version of Chrome incorporates version 9.3 of the V8 JavaScript engine. It specifically includes the changes listed below. You can find a complete <a href="https://v8.dev/blog">list of recent features</a> in the V8 release notes.</p> <h4>Object.hasOwn</h4><p><a href="https://www.chromestatus.com/feature/5662263404920832"><code>Object.hasOwn</code></a>, a new boolean property, provides an easier-to-use, static method version of <code>Object.prototype.hasOwnProperty</code>. </p> <h2>Deprecations, and Removals</h2><p>This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of <a href="https://www.chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22">current deprecations</a> and <a href="https://www.chromestatus.com/features#browsers.chrome.status:%22Removed%22">previous removals</a>.</p> <h4>Block ports 989 and 990</h4><p><a href="https://www.chromestatus.com/feature/5678858554572800">Connections to HTTP, HTTPS or FTP servers on ports 989 and 990 now fail.</a> These ports are used by the FTPS protocol, which has never been implemented in Chrome. However, FTPS servers can be attacked in a cross-protocol attack by malicious web pages using carefully-crafted HTTPS requests. This is a mitigation for <a href="https://alpaca-attack.com/">the ALPACA attack</a>. </p> <h4>Remove 3DES in TLS</h4><p>Chrome has <a href="https://www.chromestatus.com/feature/6678134168485888">now removed support for the TLS_RSA_WITH_3DES_EDE_CBC_SHA</a> cipher suite. TLS_RSA_WITH_3DES_EDE_CBC_SHA is a remnant of the SSL 2.0 and SSL 3.0 era. 3DES in transport layer security (TLS) is vulnerable to the <a href="https://sweet32.info/">Sweet32 attack</a>. Being a CBC cipher suite, it is also vulnerable to the <a href="https://en.wikipedia.org/wiki/Lucky_Thirteen_attack">Lucky Thirteen</a> attack. The first replacement AES cipher suites were defined for TLS in RFC3268, published around 19 years ago, and there have been several iterations since.</p> <h4>WebAssembly Cross-Origin Module Sharing</h4> <p>WebAssembly module sharing between cross-origin but same-site environments <a href="https://chromestatus.com/feature/5650158039597056">will be deprecated</a> to allow agent clusters to be scoped to origins long term. This follows a WebAssembly specification change, which has an impact on the platform as well.</p>Chromium Bloghttps://www.blogger.com/profile/06394244468194711527[email protected]

文章来源: http://www.blogger.com/feeds/2471378914199150966/posts/default/7208317218931227459
如有侵权请联系:admin#unsafe.sh