Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the minimum supported Chrome version to 128 #2786

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

kzar
Copy link
Collaborator

@kzar kzar commented Oct 30, 2024

A bug in the chrome.declarativeNetRequest API[1] meant that extensions could
block requests initiated by other extensions. This cross-extension request
blocking wasn't supposed to be possible[2], and led to lots of issues for users
with multiple browser extensions installed (for example, see this Privacy Badger
bug report[3]).

These cross-extension requests weren't associated with a tabId, and so could not
be differentiated from other such requests - including ServiceWorker initiated
requests. As a workaround, to avoid breaking the other extensions our users
might have installed, we stopped blocking any requests with no associated tabId.

Since then, we have fixed the bug in Chrome[4], and that fix was release with
Chrome 128. So let's increase the minimum supported Chrome version to 128, so
that we can re-enable ServiceWorker initiated request blocking in the future.

1 - https://crbug.com/40896400
2 - w3c/webextensions#369
3 - EFForg/privacybadger#2968
4 - https://chromiumdash.appspot.com/commit/486d638e6977dad73bd207dc914df9319afac152

Reviewer: @sammacbeth

Description:

Steps to test this PR:

Automated tests:

  • Unit tests
  • Integration tests
Reviewer Checklist:
  • Ensure the PR solves the problem
  • Review every line of code
  • Ensure the PR does no harm by testing the changes thoroughly
  • Get help if you're uncomfortable with any of the above!
  • Determine if there are any quick wins that improve the implementation
PR Author Checklist:
  • Get advice or leverage existing code
  • Agree on technical approach with reviewer (if the changes are nuanced)
  • Ensure that there is a testing strategy (and documented non-automated tests)
  • Ensure there is a documented monitoring strategy (if necessary)
  • Consider systems implications

@kzar kzar marked this pull request as draft October 30, 2024 11:00
@kzar kzar force-pushed the reenable-sw-initiated-blocking branch from 35b8fe2 to 7dca719 Compare October 30, 2024 11:03
A bug in the chrome.declarativeNetRequest API[1] meant that extensions could
block requests initiated by other extensions. This cross-extension request
blocking wasn't supposed to be possible[2], and led to lots of issues for users
with multiple browser extensions installed (for example, see this Privacy Badger
bug report[3]).

These cross-extension requests weren't associated with a tabId, and so could not
be differentiated from other such requests - including ServiceWorker initiated
requests. As a workaround, to avoid breaking the other extensions our users
might have installed, we stopped blocking any requests with no associated tabId.

Since then, we have fixed the bug in Chrome[4], and that fix was release with
Chrome 128. So let's increase the minimum supported Chrome version to 128, so
that we can re-enable ServiceWorker initiated request blocking in the future.

1 - https://crbug.com/40896400
2 - w3c/webextensions#369
3 - EFForg/privacybadger#2968
4 - https://chromiumdash.appspot.com/commit/486d638e6977dad73bd207dc914df9319afac152
@kzar kzar force-pushed the reenable-sw-initiated-blocking branch from 7dca719 to 79b56dd Compare October 30, 2024 11:18
@kzar kzar changed the title Re-enable ServiceWorker initiated request blocking Bump the minimum supported Chrome version to 128 Oct 30, 2024
@kzar kzar marked this pull request as ready for review October 30, 2024 11:20
@kzar kzar requested a review from sammacbeth October 30, 2024 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant