Deprecations and Removals in Chrome 60
In nearly every version of Chrome, we see a significant number of updates and improvements to the product, its performance, and also capabilities of the Web Platform. This article describes the deprecations and removals in Chrome 60, which is in beta as of June 8. This list is subject to change at any time.
Security
crypto.subtle now requires a secure origin
The Web Crypto API
which has been supported since Chrome 37 has always worked on non-secure
origins. Because of Chrome's long-standing policy of
prefering secure origins for powerful features,
crypto.subtle
is no only visible on secure origins.
Intent to Remove | Chromium Bug
Remove content-initiated top frame navigations to data URLs
Because of their unfamilliarity to non-technical browser users, we're
increasingly seeing the data:
scheme being used in spoofing and phishing
attacks. To prevent this, we're blocking web pages from loading data:
URLs
in the top frame. This applies to <a>
tags, window.open
,
window.location
and similar mechanisms. The data:
scheme will still work for
resources loaded by a page.
This feature was deprecated in Chrome 58 and is now removed.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Temporarily disable navigator.sendBeacon() for some blobs
The navigator.sendBeacon()
function has been available
since Chrome 39.
As originally implemented, the function's data
argument could contain any
arbitrary blob whose type is not CORS-safelisted. We believe this is a potential
security threat, though no one has yet tried to exploit it. Because we do NOT
have a reasonable immediate fix for it, temporarily, sendBeacon()
can no
longer be invokable on blobs whose type is NOT CORS-safelisted.
Although this change was implemented for Chrome 60, it is has since been merged back to Chrome 59.
CSS
Make shadow-piercing descendant combinator behave like descendent combinator
The shadow-piercing descendant combinator (>>>
), part of
CSS Scoping Module Level 1
, was intended to match the children of a particular ancestor element
even when they appeared inside of a shadow tree. This had some limitations.
First, per the spec, it
could only be used in JavaScript calls such as querySelector()
and did not
work in stylesheets. More importantly, browser vendors were unable to make it
work beyond one level of the Shadow DOM.
Consequently, the descendant combinator has been removed from relevant specs including Shadow DOM v1. Rather than break web pages by removing this selector from Chromium, we've chosen instead to alias the shadow-piercing descendent combinator to the descendant combinator. The original behavior was deprecated in Chrome 45. The new behavior is implemented in Chrome 60.
Intent to Remove | Chromestatus Tracker | Chromium Bug
JavaScript
Move getContextAttributes() behind a flag
The getContextAttributes()
function has been supported on
CanvasRenderingContext2D
since 2013. However the feature was not part of any standard and has not become
part of one since that time. It should have been implemented behind the
--enable-experimental-canvas-features
command line flag, but was mistakenly
not. In Chrome 60 this oversight has been corrected. It's believed that this
change is safe, since there's no data showing that anyone is using the method.
Remove Headers.prototype.getAll()
The Headers.prototype.getAll()
function is being removed per the latest
version of the Fetch specification.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove indexedDB.webkitGetDatabaseNames()
We added this feature when Indexed DB was relatively new in Chrome and prefixing was all the rage. The API asynchronously returns a list of existing database names in an origin, which seemed sensible enough.
Unfortunately, the design is flawed, in that the results may be obsolete as soon as they are returned, so it can really only be used for logging, not serious application logic. The github issue tracks/links to previous discussion on alternatives, which would require a different approach. While there's been on-and-off interest by developers, given the lack of cross- browser progress the problem has been worked around by library authors.
Developers needing this functionality need to develop their own solution. Libraries like Dexie.js for example use a global table ßwhich is itself another database to track the names of databases.
This feature was deprecated in Chrome 58 and is now removed.
Intent to Remove | Chromestatus Tracker | Chromium Bug
Remove WEBKIT_KEYFRAMES_RULE and WEBKIT_KEYFRAME_RULE
The non-standard WEBKIT_KEYFRAMES_RULE
and WEBKIT_KEYFRAME_RULE
constants
are removed from
CSS Rule.
Developers should use KEYFRAMES_RULE
and KEYFRAME_RULE
instead.
Intent to Remove | Chromestatus Tracker | Chromium Bug
<<../../_deprecation-policy.md>>