Google Chrome 105 has a number of changes under the hood, one of which is the User-Agent Client Hint, an API that exposes information about device activity and conditions so that developers can make their web pages dynamically responsive to a variety of hardware. With the release of Chrome 100 in March, Google is admonishing web developers that they must migrate to this client-side hint API by March 2023, rather than relying on user-agent strings.
As such, criticism of the client-side hinting API is not new, but Chrome 105 made some changes to it, and developers can request height information for the browser window where content is displayed. Previously, this API only exposed the width of the viewport, but Google believes that getting the height is also useful to ensure that height-constrained images on web pages display properly. The syntax for clients to prompt delegated access is also changing in response to developer feedback.
Google highlighted a problem report dating back to 2020, in this thread,appleThe WebKit team mentioned concerns about the client-side prompt API being used to identify users.
Here is an excerpt from that post:
I may have misread the spec, but as written, getHighEntropyValues appears to have access to all high-entropy client-side hints for 3rd party scripts in 1st party contexts and scripts running in 3rd party iframes, regardless of the website passing the relevant HTTP headers Which prompt is selected.
If you’re wondering why Apple’s idea of the Chrome browser is so important, it’s because web developers better hope to write code that’s consistent and compatible across all browsers. Therefore, when it comes to a new feature, support from major browser vendors is important. If a vendor rejects a feature, it means the developer either drops the feature entirely or writes specific code for that browser to ensure cross-platform compatibility and behavior.
There are a few other notable changes, though not as controversial. Using WebSQL in non-secure situations is deprecated because it was a legacy specification from 2009, Apple dropped it in 2019, and Mozilla didn’t even implement it. Other features removed in Chrome 105 include gesture scrolling DOM events that were never intended to be released and the ability to use “default” CSS keywords in custom identifiers.
A global event handler called “onbeforeinput” was also introduced, which is supported by Apple, Mozilla, and web developers. Likewise, another new feature that is supported by developers is to explicitly mark resources that should be blocked from rendering.
Other features released with Chrome 105 are: container queries that provide more composition styles for elements, two pseudo-class selectors, an easier access to TransformStreAMDmethods of the defaultController class, and some new methods for the navigation class, as well as some behavior changes for fixed elements during superscrolling.
Another thing that will make developers who use the file system access API very happy is the ability to get writable and readable directories at the same prompt. Previously, this only returned the latter, which caused confusion and permission fatigue for users. Also, a method to get the upload stream has been introduced, so developers don’t have to write extra messy code on WebSocket to achieve the same purpose. Additionally, an MVP version of the Sanitizer API will be released, which enables developers to build XSS-free web applications in an easier way by offloading some of the maintenance burden onto the platform.
Chrome is also working on a major overhaul of the audio input and output mechanism. Streaming and videoconferencing applications should now explicitly request to receive non-system audio. There’s also a new way to resolve imported URLs, and a Media Source Extension (MSE) API, plus it’s now easier to create a JSON response. Worklet loading is now also reported to resource timings for added transparency.
While these are generally available features, there are also quite a few that are locked behind the developer badge. These features include capping all timers (including DOM timers) to 125Hz, which should encourage developers to migrate to better, more power-efficient alternatives. Other interesting features include anonymous iframe objects (read all the technical details here), removing the merchant identity from the “canmakepayment” service worker event, and exposing the WebHID API to extension service workers.
In addition to being already available on Android, Google is also implementing a desktop version of Priorender 2 for functional parity. those on androidcell phoneAnyone playing games on a gamepad will be happy to know that the gamepad API will be able to take advantage of haptic feedback options like triggered shake and double shake (Android 12+ only). Finally, Chrome 105 also implements the TLS Encrypted Client Hello feature (ECH) to improve post-flag privacy, an approach similar toMicrosoftEdge。
As you might have guessed from the length of this article, Chrome 105 is a major update. It will start rolling out later today. If Chrome doesn’t automatically update to version 105 during the day, go to Help > About Google Chrome to trigger the update when it becomes available. Next up is Chrome 106, which hits the beta channel on September 1st and will hit the stable release on September 27th.