ep89 Monthly Web 202110
- published_at: 2021-10-26
- guest: @myakura
Theme
The theme of episode 89 is Monthly Web for October 2021.
Show Note
Chrome Developments
Stable: 95
Updates
-
Chromium Blog: Chrome 96 Beta: Conditional Focus, Priority Hints, and More
- https://blog.chromium.org/2021/10/chrome-96-beta-conditional-focus.html
- Preparing for a Three Digit Version Number
-
Origin Trials
-
New Origin Trials
- Conditional Focus
- Priority Hints
-
Other Features in this Release
- Allow Simple Range Header Values Without Preflight
- Back-forward Cache on Desktop
- Cross-Origin-Embedder-Policy: credentialless
-
CSS
- :autofill Pseudo Class
- Disable Propagation of Body Style to Viewport when Contained
- font-synthesis Property
- EME MediaKeySession Closed Reason
- HTTP to HTTPS Redirect for HTTPS DNS Records
- InteractionID in EventTiming
- New Media Query: prefers-contrast
- Unique id for Desktop PWAs
- URL Protocol Handler Registration for PWAs
-
WebAssembly
- Content Security Policy
- Reference Types
-
Deprecations and Removals
- The "basic-card" Method of PaymentRequest API
-
Deprecations and removals in Chrome 96 - Chrome Developers
- https://developer.chrome.com/en/blog/deps-rems-96/
- The "basic-card" method of PaymentRequest API
- Chrome 96: The basic-card method is deprecated in the Reporting API.
- Chrome 100: The basic-card method will be removed.
-
New in Chrome 95 - Chrome Developers
- https://developer.chrome.com/en/blog/new-in-chrome-95/
- Routing with URLPattern
- Picking colors with the Eye Dropper API
- PWA Summit
- User-agent reduction origin trial
Intents
- Ship: App Shortcuts Menu (Mac/Linux)
- Ship: App Shortcuts Menu
- Ship: Array and TypedArray findLast and findLastIndex
- Ship: COLRv1 Color Gradient Vector Fonts
- Ship: CORS non-wildcard request-header
- Ship: CSS font-synthesis property
- Ship: Do not invert selection background color when it matches text color
- Ship: HDR CSS Media Queries
- Ship: Independent/Individual Properties for CSS Transforms
-
Ship: Late newline normalization in form submission
- https://groups.google.com/a/chromium.org/g/blink-dev/c/XULXQrbFznw
- https://blog.whatwg.org/newline-normalizations-in-form-submission
- CRLF normalization on form submit happened in two stages, and only form-url-encode had it applied twice
- Fixed so that it happens in a single stage for all encodings
- Ship: New Canvas 2D API
- Ship: PWA manifest unique id - desktop
- Ship: URL Protocol Handler Registration for PWAs
- Ship: Window Controls Overlay for Installed Desktop Web Apps
- Ship: [WebAuthn] Authenticator Attachment in Public Key Credential
- Ship: interactionID in Event Timing
- Implement and Ship: onsecuritypolicyviolation event handler IDL attribute
- Implement and Ship: Add support for Promise to Blobs in clipboard item
- Implement and Ship: Allow simple Range header values without preflight
- Implement and Ship: Feature policy for Keyboard API
- Implement and Ship: transform: perspective(none)
- Implement: Import maps, basic support
- Prototype: Region Capture
- Prototype: User-Agent Client Hints GREASE Update
- Prototype: Web app handle links
- Prototype: Web app scope extensions
- Ready for Trial: Block external protocol in sandboxed iframe
- Experiment: Auto Dark Mode & the CSS color-scheme "only" keyword
- Experiment: Digital Goods API v2.0
- Experiment: Region Capture
- Experiment: WebAssembly Dynamic Tiering
- Extend Experiment: Storage Foundation API
- Extend Origin Trial: Conversion Measurement API (Attribution Reporting API)
- Extend Origin Trial: Early Hints preload/preconnect during Navigation
- Extend Origin trial: WebTransport over HTTP/3
- Deprecate: WebRTC's Plan B SDP semantics
- Call for Lightning Talks at BlinkOn15!
- PSA: Readable Byte Streams updates in Blink Implementation
- PSA: Renamed debug helper functions
- [BlinkOn 15] Action required: Call for content: Breakout Talks
- [blink-dev] Action Required: BlinkOn 15 Registration and Call for Content REMINDER!
- BlinkOn 15 - The Chromium Projects
- [RESPONSE REQUESTED] What's in Chrome 96?
- [blink-dev] Action Required: You're invited to BlinkOn 15 in 2H 2021!
- [blink-dev] Intent to Ship: Standardize existing client hint naming
- [blink-dev] UPDATE... PLEASE READ: NEW DATES, Registration and Call for Content!
- Remove:
V8
- V8 release v9.6 - V8
Other
-
web.dev
-
Optimizing resource loading with Priority Hints
- https://web.dev/priority-hints/
- About controlling priority with the importance attribute
- Assessing loading performance in the field with Navigation Timing and Resource Timing
-
Monitor your web application with the Reporting API
- https://web.dev/reporting-api/
- About deploying Reporting-Endpoints
-
Migrate to Reporting API v1
- https://web.dev/reporting-api-migration/
- About migrating from Report-To (v0) to Reporting-Endpoints (v1)
- Before that it was the report-uri attribute
- Building a multi-select component
- How Renault improved its bounce and conversion rates by measuring and optimizing Largest Contentful Paint
-
Safe DOM manipulation with the Sanitizer API
- https://web.dev/sanitizer/
- A standardized API for DOMPurify-style sanitization
- Best practices for using third-party embeds
-
google developer blog
- Extend Google Apps Script with your API library to empower users
- Announcing DevFest 2021
- "Bowling" automatic disapproved ads remover
- Announcing the Google Forms API
- Google OAuth incremental authorization improvement
- What is Google's Dev Library -- a new open-source platform for developers
-
google developer japan blog
-
DevFest 2021 will be held across Japan
- https://developers-jp.googleblog.com/2021/10/devfest21.html
- DevFest Tokyo 2021 2021/12/11
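- About Chrome's experimental features that help users search the web and continue important tasks
- An update on memory safety in Chrome
- Chrome 95 Beta: Secure Payment Confirmation, WebAssembly exception handling, and more
- Upgrading the call-to-action button in Web Stories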
-
chrome developer blog
- Auto Dark Theme - Chrome Developers
- RenderingNG deep-dive: LayoutNG - Chrome Developers
- The Chromium Chronicle #25: Thread Safety Annotations - Chrome Developers
- Progress in the Privacy Sandbox (September 2021) - Chrome Developers
- Chrome Web Store policy updates for Q3 2021 - Chrome Developers
-
chromium blog
- Chromium Blog: Sunsetting the "basic-card" payment method in the Payment Request API
- Chromium Blog: Extending Chrome App Support on Chrome OS
- Chromium Blog: RenderingNG: an architecture that makes and keeps Chrome fast for the long term
- Chromium Blog: Helping users explore the web and continue prior tasks
- canary
- Aligning Search Console testing tools and the URL Inspection tool
- Google Search ends official support for Internet Explorer - iPhone Mania
- On the day I move on from the team I was on for a long time | Kinuko Yasuda | note
- ImperialViolet - Phones as security keys in Chrome
- Postpone SAB deprecation trial to Chrome 103 (#1576)
- PWA Summit, October 6-7
Firefox Developments
Stable: 93
Updates
- Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections - Mozilla Security Blog
- Firefox 93 protects against Insecure Downloads - Mozilla Security Blog
- Securing Connections: Disabling 3DES in Firefox 93 - Mozilla Security Blog
-
Lots to see in Firefox 93! - Mozilla Hacks - the Web developer blog
- https://hacks.mozilla.org/2021/10/lots-to-see-in-firefox-93/
- AVIF Image Support
- Static initialization blocks
- Custom Elements & Shadow DOM
- Tab Unloading in Firefox 93 - Mozilla Hacks - the Web developer blog
- Implementing form filling and accessibility in the Firefox PDF viewer - Mozilla Hacks - the Web developer blog
- These Weeks in Firefox: Issue 101 - Firefox Nightly News
- These Weeks in Firefox: Issue 102 - Firefox Nightly News
Intents
- Prototype: Prioritized Scheduling API
-
Prototype: URL Query String Stripping
- https://groups.google.com/a/mozilla.org/g/dev-platform/c/1vOSas0ptVQ
- Prototype of a feature that automatically strips tracking query parameters such as Facebook's fbclid
- Managed with a blocklist
-
Prototype and ship: input-security css property
- https://groups.google.com/a/mozilla.org/g/dev-platform/c/vikcWAyyAnc
- With input-security: none; an <input type=password> becomes User Visible
- Prototype and ship: Implement self.structuredClone()
-
Unship: Cache clearing via the Clear-Site-Data header
- https://groups.google.com/a/mozilla.org/g/dev-platform/c/I939w1yrTp4
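- Removes the feature that could clear caches on a site, including cross-origin ones
- When storage is partitioned, this would cross partition boundaries
- What can be cleared is narrowed to cookies and storage only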
- Incoming production taskcluster livelog SSL cert fix: Sat 9 Oct
- Engineering Effectiveness Newsletter (September 2021 Edition)
-
PSA: Renaming taskcluster/taskgraph -> taskcluster/gecko_taskgraph
-
In-browser annotation
- https://groups.google.com/a/mozilla.org/g/dev-platform/c/NXvLZHeIqQw
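- Wants to enable something like notes attached to a specific selection within a page
- An approach that achieves this by extending Scroll-to-Text Fragment
- A topic that has come up repeatedly since the days of Mosaic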
- Soft code freeze for Firefox 94 starts September 30
Other
- Hacked! Unravelling a data breach - The Mozilla Blog
- How does HTTPS protect you (and how doesn't it?) - The Mozilla Blog
- News from Firefox Focus and Firefox on Mobile
- Analysis of Google's Privacy Budget Proposal
- Superhero passwords may be your kryptonite wherever you go online
Safari Developments
Stable: 15.0
Updates
- Release Notes for Safari Technology Preview 133
- Added support for self-start, self-end, start, end, left, and right values in positional alignment (r282267, r282078, r281840)
- Added support for percentages in the scale() transform functions, and the scale property (r282144)
- Added support for sin(), cos(), tan(), e, and pi in calc() (r282162)
- CSS Cascade Layers
-
Added initial support for CSS Cascade Layers in Experimental Features:
- Added support for computing the order correctly for late added sublayers (r281798)
- Supported layer argument in @import rules (r281928)
- CSS Font Loading API
- Updated the implementation of the CSS Font Loading API to be closer to the spec and other browsers:
-
Accessibility
- Fixed blank braille display in contenteditable elements when the field is followed by another element (r281920)
- Made PDFs loaded via <embed> accessible (r282358)
- JavaScript
- Enabled Object.hasOwn (r281835)
- Implemented Temporal.PlainTime behind the flag --useTemporal=1 (r282125)
- Implemented Temporal.TimeZone behind the flag --useTemporal=1 (r282018)
- Implemented Temporal.Duration behind the flag --useTemporal=1 (r281838)
- Implemented self.structuredClone() (r281808)
- Implemented Object.hasOwn() (r281799)
-
Web API
- Added basic support for Storage API (r282130)
- Added support for ServiceWorkerGlobalScope.serviceWorker (r281854)
- Added handling for non-fully active documents in navigator.share() / navigator.canShare() (r282282)
- Enabled Cross-Origin-Opener-Policy / Cross-Origin-Embedder-Policy headers support (r282105, r282246)
- Enabled SharedArrayBuffer support when COOP/COEP headers are used (r281832)
- Fixed scrollbars on pointer-events: none element still intercepting events (r281991)
- Implemented top-origin and frame-origin partitioning for BroadcastChannel (r282105)
- Implemented navigation reporting for Cross-Origin-Opener-Policy (r282305)
- Implemented getClientRects() for SVG elements (r282316)
- Updated to always fetch the first manifest if provided (r282026)
-
WebRTC
- Added support for RTCError and RTCErrorEvent (r282199)
- Added support for RTCDataChannel closing event (r282198)
- Added support for RTCSctpTransport (r282197)
-
Media
- Fixed an incorrect number of frames returned if the decoding frame rate doesn't match the original in WebM (r282196)
- Removed Web Audio canPlayType() workaround that made it report false negatives (r282137)
-
Web and App Extensions
- Added the extension's icon to extension URL tabs for both app and web extensions
- Added the extension name as the title of tabs when an app extension page does not specify a title
Position
- [webkit-dev] Request for position: WEBRTC-SVC
Other
-
Add support for ServiceWorkerGlobalScope push event handler
- https://trac.webkit.org/changeset/283438/webkit
- Implementation of the Service Worker push event
Edge Developments
Stable: 95
Updates
- Improved authoring and debugging experiences in Microsoft Edge DevTools and Visual Studio Code
- Learn to build great Progressive Web Apps
- Improving how Microsoft Edge processes appear in Task Manager
- Save time by automatically filling your addresses and credit cards with Microsoft Autofill | Windows Experience Blog
Chakra
Other
-
Windows 11 specifications and system requirements | Microsoft
- https://www.microsoft.com/ja-jp/windows/windows-11-specifications
-
In Windows 11, IE mode in Microsoft Edge replaces the Internet Explorer 11 desktop application.
- Bug bounty hunter to working at Microsoft | Microsoft Browser Vulnerability Research
- Spooky: Enhancing Dark Mode in Chromium - text/plain
- MoarTLS: Non-Secure Download Blocking - text/plain
- Accessibility (UIA) Troubleshooting - text/plain
- Practical Time Machines - text/plain
- vscode.dev
WHATWG/W3C Developments
Draft
-
Recommendation
- DOM Review Draft Published 15 June 2020 is a W3C Recommendation
-
Proposed Recommendation
- Call for Review: Payment Request API and Payment Method Identifiers are W3C Proposed Recommendations
- Call for Review: ARIA in HTML is a W3C Proposed Recommendation
-
Candidate Recommendation
- W3C Invites Implementations of CSS Multi-column Layout Module Level 1
- Working Draft
-
First Public Working Draft
- Updated Candidate Recommendation: Media Capture and Streams
- First Public Working Draft: Media Source Extensions (TM)
- First Public Working Draft: Synchronization Accessibility User Requirements
-
Chartering
- Call for Participation: Spatial Data on the Web Working Group Charter Approved; Join SDW WG
- Private Advertising Technology Community Group created
- Private Advertising Technology Community Group Proposed
- Decentralized Identifier Working Group charter extended until 31 December 2021 (Fwd)
- Web Application Security Working Group charter extended until 31 December 2021 (Fwd)
- Web Applications Working Group charter extended until 31 December 2021 (Fwd)
- [wbs] response to 'Call for Review: Web Authentication Working Group Charter'
- Call for Participation: Internationalization Working Group and Interest Group Charters Approved; Join i18n Groups
Other
- TPAC privacy and security related meetings (fwd)
- W3C Strategic Highlights, October 2021
- WebAppSec Teleconference Agenda
- W3C and Yubico offer first online Web Authentication course for developers
- Hacktober fest spam 2021
TC39 Developments
Meeting
Proposals Diff
New Proposals
Other
IETF Developments
WG
- IETF
-
httpwg
- https://lists.w3.org/Archives/Public/ietf-http-wg/
- https://github.com/httpwg/wg-materials/
- Protocol Action: 'The Proxy-Status HTTP Response Header Field' to Proposed Standard (draft-ietf-httpbis-proxy-status-08.txt)
- Advertising WebSocket support in the HTTPS resource record
- I-D Action: draft-ietf-httpbis-rfc6265bis-09.txt
- WGLC for Targeted HTTP Cache Control
- I-D Action: draft-ietf-httpbis-targeted-cache-control-02.txt
- Registration request for the Configuration-Context field
- I-D Action: draft-ietf-httpbis-proxy-status-08.txt
- cookie-radius / http-equiv="cookie"
- Media type parameters optional between semicolons
- Standard for upgrading based on URL?
- I-D Action: draft-ietf-httpbis-proxy-status-07.txt
- Distributed Origins and Alt-Svc
- [Editorial Errata Reported] RFC7616 (6704)
- WGLC for HTTP Priorities
- Weekly github digest (HTTP Activity Summary)
- I-D Action: draft-ietf-httpbis-priority-06.txt
- DRAFT minutes for the Interim
- HTTP Experiments: a bit of housekeeping (moving documents to Historic)
- Working Group Last Call: Bootstrapping WebSockets with HTTP/3
- TCP RST code for websockets in h3
- Reminder: interim in ~12 hours
- Publication has been requested for draft-ietf-httpbis-http2bis-05
- I-D Action: draft-ietf-httpbis-digest-headers-06.txt
- draft-damjanovic-websockets-https-rr-00 - Advertising WebSocket support in the HTTPS resource record
-
quicwg
- https://mailarchive.ietf.org/arch/browse/quic/
- https://github.com/quicwg/wg-materials
- draft-ietf-quic-bit-grease-01 - Greasing the QUIC Bit
- draft-dawkins-sdp-rtp-quic-questions-00 - SDP Offer/Answer for RTP using QUIC as Transport - Design Questions
- draft-retana-idr-bgp-quic-stream-00 - Use of Streams in BGP over QUIC
- webtrans
- tlswg
- wpack
- masque
- pearg
- privacypass
- dispatch
- secdispatch
Other
- Secure Credential Transfer
CDN Developments
Cloudflare
- Multi-User IP Address Detection
- Privacy-Preserving Compromised Credential Checking
- Research Directions in Password Security
- Cloudflare and the IETF
- Exported Authenticators: The long road to RFC
- Privacy Pass v3: the new privacy bits
- What happened on the Internet during the Facebook outage
- Understanding How Facebook Disappeared from the Internet
- Web3 - A vision for a decentralized web
- A Better Internet with UN Global Compact
Fastly
Other
Security Developments
- Help thread for DST Root CA X3 expiration (September 2021) - Help - Let's Encrypt Community Support
- Root Certificate Program - Apple
- Revisiting BetterTLS: Certificate Path Building | by Netflix Technology Blog
- WIP: master QUIC support by tmshort - Pull Request #8797 - openssl/openssl
Related Developments
-
The Facebook outage
- Understanding How Facebook Disappeared from the Internet
- Update about the October 4th outage - Facebook Engineering
- More details about the October 4 outage - Facebook Engineering
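- Facebook went down, but rather than a simple server outage, this was the unusual case of Facebook itself disappearing from the Internet
- When a command was issued to take part of a DC offline for maintenance, a dangerous command issued by an assessment tool slipped through a bug in the audit tool and was executed.
- As a result, the DCs as a whole went offline and were disconnected from the network.
- Because the DNS servers could then no longer reach the DCs, they withdrew their BGP advertisements as a fallback measure, and as a result Facebook was completely isolated from the Internet
- With DNS unreachable, all kinds of tools stopped working and investigation was barely possible, and because remote access was unavailable, recovery was difficult as well.
- Because DC security is tight, physical access was also difficult, and the hardware is built to be hard to modify by hand, so the task was very hard.
- It was also known that bringing everything back at once could cause new crashes from the resulting spike.
- Because they regularly ran "storm" drills, they were prepared to run stress tests simulating a large-scale failure.
- As a result, they managed to restore service.
- They want to explore ways to simulate this kind of event and apply that going forward.
- The Web's ruby specification has aspects that hinder accessibility: the Japan DAISY Consortium sends an open letter to browser vendors, WHATWG, W3C and others seeking improvements - Publickey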
- The State of CSS 2021 Survey is Now Open
Events
-
November
- 6-12: IETF112 Online
- 16-18: BlinkOn 15
- 25-28: TC39 86th
Wrap Up
-
Chrome
- 3 digit version number
- Simple Range Header without Preflight
- BFCache on Desktop
- COEP credentialless
- HTTPS DNS Records
- Ship: Non wildcard request header
- Ship: Late new line normalization
- Proto: UA-CH Grease Update
- Exp: Auto Dark Mode
- Rendering/Layout NG
- Google Search IE Support ended
-
Firefox
- Referrer Tracking Protection
- 3DES ended
- AVIF Support
- Proto: URL Query Stripping
- Proto: input-security: none/auto
- Unship: Clear-Site-Data: cache
- In Browser Annotation
-
Safari
- hasOwn
- Temporal
- Storage API
- COOP/COEP + Shared Array Buffer returns
- Web Push implementation started
-
Edge
- VSCode + DevTools Debuggability
- vscode.dev
-
W3C
- Private Ads Technology CG
- TPAC now
- TC39
-
IETF
- WebSocket in HTTP RR Record
- WGLC: Target Cache-Control
- WGLC: HTTP Priorities
- WGLC: WebSocket over H3
-
CDN
- Web3
-
Security
- Let's Encrypt Root Expiration
- Openssl QUIC Support Discussion
-
Other
- Facebook Disconnected from Internet
- Ruby on the Web and a11y
- State of CSS 2021