![]()
Chrome 95 Beta: Secure Payment Confirmation, WebAssembly Exception Handling and More
2021-09-24 08:28:06
Author: www.blogger.com(查看原文)
阅读量:34
收藏
tag:blogger.com,1999:blog-2471378914199150966.post-51184436793254059512021-09-23T16:37:00.000-07:002021-09-23T16:37:59.070-07:00Chrome 95 Beta: Secure Payment Confirmation, WebAssembly Exception Handling and More<p>Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on <a href="https://www.chromestatus.com/features#milestone%3D76">ChromeStatus.com</a>. Chrome 95 is beta as of September 23, 2021.</p> <h2>Origin Trials</h2><p>This version of Chrome introduces the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the <a href="https://developers.chrome.com/origintrials/#/trials/active">Chrome Origin Trials dashboard</a>. To learn more about origin trials in Chrome, visit the <a href="https://web.dev/origin-trials/">Origin Trials Guide for Web Developers</a>. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the <a href="https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/">Microsoft Edge Origin Trials Developer Console</a>. </p> <h3>New Origin Trials</h3> <h4>Access Handles for the File System Access API</h4><p>It's our <a href="https://github.com/WICG/storage-foundation-api-explainer/issues/4#issuecomment-853370759">eventual goal</a> to merge the origin private file system of the File System Access API with the <a href="https://chromestatus.com/feature/5670244905385984">Storage Foundation API</a> to reduce the number of entry points for getting access to file-based storage in the browser. A first step toward this objective is the newly proposed <a href="https://github.com/WICG/file-system-access/blob/main/AccessHandle.md">access handle</a>. The new feature differs from existing functionality by offering in-place and exclusive write access to a file's content. This change, along with the ability to consistently read unflushed modifications and the availability of a synchronous variant on dedicated workers, significantly improves performance and unblocks new use cases. To join the origin trial, see <a href="https://www.google.com/url?q=https://developer.chrome.com/origintrials/%23/view_trial/3378825620434714625&sa=D&source=editors&ust=1632322938025000&usg=AOvVaw2QHjz5Bm-HjLWnHt1xaJH3">its entry on Chrome Origin Trials</a>. For more on access handlers, see the information we've added to <a href="https://web.dev/file-system-access/#accessing-storage-foundation-api-files-from-the-origin-private-file-system">The File System Access API: simplifying access to local files</a>.</p> <h4>Reduce User Agent String Information</h4><p>Chrome is trying to <a href="https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html">reduce the amount of information the user agent string exposes</a> in HTTP requests as well as in <code>navigator.userAgent</code>, <code>navigator.appVersion</code>, and <code>navigator.platform</code>. The user agent string can be used for passive user fingerprinting. To join the origin trial, see <a href="https://www.google.com/url?q=https://developer.chrome.com/origintrials/%23/view_trial/-7123568710593282047&sa=D&source=editors&ust=1632322938025000&usg=AOvVaw207ZCzhuIHuw9cXAfgBMMn">its entry on Chrome Origin Trials</a>.</p> <h3>Completed Origin Trials</h3><p>The following features, previously in a Chrome origin trial, are now enabled by default.</p> <h4>Secure Payment Confirmation</h4><p><a href="https://www.chromestatus.com/feature/5702310124584960">Secure payment confirmation</a> augments the payment authentication experience on the web with the help of the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API">Web Authentication API</a>. The feature adds a new 'payment' extension to that API, which allows a relying party such as a bank to opt-in to creating a <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential">PublicKeyCredential</a></code> that can be queried by any merchant origin as part of an online checkout via the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Payment_Request_API">Payment Request API</a> using the <code>'secure-payment-confirmation'</code> payment method.</p> <p>This feature enables a consistent, low friction, strong authentication experience using platform authenticators. Strong authentication with the user's bank is becoming a requirement for online payments in many regions, including the European Union. The proposed feature provides a better user experience and stronger security than existing solutions.</p> <h4>WebAssembly Exception Handling</h4><p>WebAssembly <a href="https://developer.chrome.com/origintrials/#/view_trial/2393663201947418625">now provides exception handling</a> support. Exception handling allows code to break control flow when an exception is thrown. The exception can be any that is known by the WebAssembly module, or it may be an unknown exception that was thrown by a called imported function. </p> <h2>Other Features in this Release</h2> <h3>Adding droppedEntriesCount to PerformanceObserver Callback</h3><p>Currently, web developers can call <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/PerformanceObserver/observe">PerformanceObserver.observe()</a></code> with the <a href="https://developer.mozilla.org/en-US/docs/Web/API/PerformanceObserver/observe#parameters">buffered option</a> to listen to past and future performance entries about their site. Unfortunately, past entries need to be stored, and there is a buffer size limit. The <code>droppedEntriesCount</code> parameter helps developers know if they may have lost an entry due to storage being full. </p> <p><a href="https://www.chromestatus.com/feature/5320666234486784">The <code>droppedEntriesCount</code> property</a> is one of the options specified as the third parameter of the callback passed in the <a href="https://developer.mozilla.org/en-US/docs/Web/API/PerformanceObserver/PerformanceObserver"><code>PerformanceObserver</code> constructor</a>. It provides the number of entries dropped due to the buffer being full. </p> <h3>EyeDropper API</h3><p><a href="https://www.chromestatus.com/feature/6304275594477568">The EyeDropper API</a> provides a browser-supplied eyedropper for the construction of custom color pickers. Creative applications built for the web could benefit from an ability to sample a color from pixels on the screen. Many OS applications, PowerPoint for example, have this ability but are unable to carry it over to their web equivalents.<br /><br />Even though some browsers have eyedropper capability built into <code><input type=color></code> elements, web applications are limited in their ability to integrate this into their custom color pickers since the eyedropper is generally accessible only through the non-customizable popup triggered by the <code><input></code> element.</p> <h3>New UA platform Version Source on Windows for User Agent Client Hints</h3><p>Chrome has updated the value <a href="https://www.chromestatus.com/feature/5080939765956608">provided by the <code>Sec-CH-UA-Platform-Version</code> on Windows</a> to provide a reasonable level of fidelity to allow sites to identify meaningful Windows platform changes. This enables sites to deliver appropriate binary executables and help content specific to a particular operating system version. The current user agent string and existing <code>Sec-CH-UA-Platform-Version</code> implementation provides the major and minor version Windows components. However, as of Windows 10, Windows generally doesn't increase either of these numbers across significant releases. Notably, Windows 11 does not increase either of these numbers. You can find a table of value mappings to Windows releases in the <a href="https://github.com/WICG/ua-client-hints/commit/5c1be8772eaf3b823c3c07d6baa6d7348a77627d">UA Client Hints' repo issue 220</a>.</p> <h3>self.reportError()</h3><p>This function, available in windows and workers, <a href="https://www.chromestatus.com/feature/5634523220934656">allows developers to report errors</a> to the console and any global "error" event handlers in the same way as an uncaught JavaScript exception. It is mainly useful for custom event-dispatching or callback-manipulating libraries.<br />This allows library developers to report exceptions in the same way the browser does, which is useful when they need custom control over running the callback. </p> <h3>URLPattern</h3><p><a href="https://web.dev/urlpattern/">URLPattern</a> is a new web API that provides operating system support for matching URLs given a pattern string. It can be used in JavaScript directly or by passing patterns to other web platform APIs such as, for example, as a service worker scope. Both web platform features and JavaScript applications often need to match against URLs. Examples include, service worker scopes on the web platform and URL routing in JavaScript frameworks. Past web platform features have individually created their own URL matching mechanisms. JavaScript has relied on libraries such as path-to-regexp.</p> <h2>Deprecations, and Removals</h2><p>This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of <a href="https://www.chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22">current deprecations</a> and <a href="https://www.chromestatus.com/features#browsers.chrome.status:%22Removed%22">previous removals</a>.</p> <h3>FTP Support Removed</h3><p>Chrome is <a href="https://www.chromestatus.com/feature/6246151319715840">removing support for FTP URLs</a>. Use of FTP in the browser is sufficiently low that it is no longer viable to invest in improving the existing FTP client. In addition, more capable FTP clients are available on all affected platforms.<br /><br />Google Chrome 72 and later removed support for fetching document subresources over FTP and rendering of top level FTP resources. Currently navigating to FTP URLs results in showing a directory listing or a download depending on the type of resource. A bug in Google Chrome 74 later resulted in dropping support for accessing FTP URLs over HTTP proxies. Proxy support for FTP was removed entirely in Google Chrome 76. In Chrome 86 FTP support was turned off for pre-release channels (Canary and Beta) and experimentally turned off for one percent of stable users, though it could be reenabled via the command line. In Chrome 87 it was turned off for fifty percent of users but could also be enabled through the command line. Since Chrome 88, it was only available through a deprecation trial and is now disabled.</p> <h3>Support for URLs with non-IPv4 Hostnames Ending in Numbers</h3><p>Most hostnames that aren't valid IPv4 addresses, but end in numbers are treated as valid, and looked up via DNS (e.g., <code>http://foo.127.1/</code>). Per the Public Suffix List spec, the eTLD+1 of the hostname in that URL should be <code>127.1</code>. If that is ever fed back into a URL, <code>http://127.1/</code> is mapped to <code>http://127.0.0.1/</code> by the URL spec, which seems potentially dangerous. <code>127.0.0.0.1</code> could also potentially be used to confuse users. <a href="https://www.chromestatus.com/feature/5679790780579840">URLs with these hostnames are now rejected</a>.</p> <h3>WebAssembly Cross-Origin Module Sharing</h3><p><a href="https://www.chromestatus.com/feature/5650158039597056">Chrome now deprecates sharing WebAssembly modules</a> between cross-origin, but same-site environments to <a href="https://developer.chrome.com/blog/wasm-module-sharing-restricted-to-same-origin/">allow agent clusters to be scoped to origins long term</a>. </p>Chromium Bloghttps://www.blogger.com/profile/06394244468194711527[email protected]
文章来源: http://www.blogger.com/feeds/2471378914199150966/posts/default/5118443679325405951
如有侵权请联系:admin#unsafe.sh