Deprecations and Removals in Chrome 58
In nearly every version of Chrome, we see a significant number of updates and improvements to the product, its performance, and also capabilities of the Web Platform. This article describes the deprecations and removals in Chrome 58, which is in beta as of March 16. This list is subject to change at any time.
Mouse on Android stops firing TouchEvents
Until Chrome 57, Android low-level mouse events in Chrome primarily followed an
event path designed for touch interactions. For example, mouse drag motion while
a mouse button is pressed generates MotionEvents
delivered through
View.onTouchEvent
.
But since touch events cannot support hover, hovering mousemoves followed a
separate path. The design had many side-effects including mouse interactions
firing TouchEvents
, all mouse buttons appearing as left mouse buttons, and
MouseEvents
being suppressed by TouchEvents
.
Starting with Chrome 58, a mouse on Android M or later will:
- No longer fire
TouchEvents
. - Fire a consistent sequence of
MouseEvents
with appropriate buttons and other properties.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove case-insensitive matching for usemap attribute
The usemap
attribute was formerly defined as caseless. Unfortunately
implementing this was complicated enough that no browsers implemented it
correctly. Research suggested that such a complicated algorithm is unnecessary,
and even ASCII case-insensitive matching is unnecessary.
Consequently, the specification was updated so that case-sensitive matching is applied. The old behavior was deprecated in Chrome 57, and is now removed.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove EME from non-secure contexts
Some usages of Encrypted Media Extenions (EME) expose digital rights management implementations that are not open source, involve access to persistent unique identifiers, and/or run unsandboxed or with privileged access. Security risks are increased for sites exposed via non-secure HTTP because they can be attacked by anyone on the channel. Additionally, when user consent is required, acceptance persisted for a non-secure HTTP site can be exploited by such an attacker.
Support for non-secure contexts was removed from the EME version 1 spec and is not supported in the proposed recommendation nor anticipated in the subsequent final. will not be in the upcoming proposed recommendation or subsequent final recommendation. The API has been showing a deprecation message on non-secure origins since Chrome 44 (May 2015). In Chrome 58, it is now removed. This change is part of our broader effort to remove powerful features from unsecure origins.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove legacy caller for HTMLEmbedElement and HTMLObjectElement
That an interface has a legacy caller means that an instance can be called as a
function. Currently, HTMLEmbedElement
and HTMLObjectElement
support this
functionality. In Chrome 57 this ability was deprecated. Starting in Chrome 58,
calling throws an exception.
This change brings Chrome in line with recent spec changes. The legacy behavior is not supported in Edge or Safari, and it is being removed from Firefox.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove deprecated names for motion path properties
Motion path CSS properties allow authors to animate any graphical object along an author-specified path. In compliance with the spec, several properties were implemented in Chrome 45. The names of these properties were changed in the spec in mid 2016. Chrome implemented the new names in Chrome 55 and Chrome 56. Console deprecation warnings were also implemented.
In Chrome 58, the old property names are being removed. The affected properties and their new names are shown below.
Removed Property | Current Name |
---|---|
motion-path | offset-path |
motion-offset | offset-distance |
motion-rotation | offset-rotate |
motion | offset |
Remove support for commonName matching in certificates
RFC 2818 describes two methods to match a
domain name against a certificate: using the available names within the
subjectAlternativeName
extension, or, in the absence of a SAN extension,
falling back to the commonName
. The fallback to the commonName
was
deprecated in RFC 2818 (published in 2000), but support remains in a number of
TLS clients, often incorrectly.
The use of the subjectAlternativeName
fields leaves it unambiguous whether a
certificate is expressing a binding to an IP address or a domain name, and is
fully defined in terms of its interaction with Name Constraints. However, the
commonName
is ambiguous, and because of this, support for it has been a source
of security bugs in Chrome, the libraries it uses, and within the TLS ecosystem
at large.
The compatibility risk for removing commonName
is low. RFC 2818 has
deprecated this for nearly two decades, and the
baseline requirements
(which all publicly trusted certificate authorities must abide by) has required
the presence of a subjectAltName
since 2012. Firefox already requires the
subjectAltName
for any newly issued publicly trusted certificates since
Firefox 48.
Note: Enterprises that need to support such certificates for internal purposes
may set the EnableCommonNameFallbackForLocalAnchors
Enterprise policy.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove webkitdropzone global attribute
The dropzone
global attribute was introduced by the
HTML5 drag and drop specification
as a declarative method for specifying an HTML element's willingness to be the
target of a drag-and-drop operation, the content types that can be dropped onto
the element, and the drag-and-drop operation (copy/move/link).
The attribute failed to gain traction among browser vendors. Blink and WebKit
only implement a prefixed form of the attribute, webkitdropzone
. Because the
dropzone
attribute was removed from the spec in
early March 2017
the prefixed version is being removed from Chrome.
Intent to Remove | Chromestatus Tracker | Chromium Bug
VTTRegion-related bits of TextTrack
The interface elements regions, addRegion()
and removeRegion()
, have been
removed from the WebVTT spec and is removed in Chrome 58 to comply with
the latest spec. We expect little impact from
this removal since the feature was never enabled by default (meaning it was
behind a flag). Those needing an alternative can use the VTTCue.region
property which is being added in Chrome 58.
Chromestatus Tracker | Chromium Bug
WebAudio: remove AudioSourceNode interface
The AudioSourceNode
interface is not part of the
Web Audio specification,
is not constructible, and has no attributes so it basically has no developer-
accessible functionality. Therefore it is being removed.
Intent to Remove | Chromestatus Tracker | Chromium Bug
<<../../_deprecation-policy.md>>