This article is more than 1 year old
Node.js community finally prodded to patch Chromium XHR bug after developer refuses to let flaw stand
If at first you don't succeed, try, try... try, try, try... try again
The Node.js community has finally taken steps to address a longstanding bug that has been hobbling XHR requests over HTTP/2 in Chromium-based browsers, though the fix won't be immediately available to everyone.
"HTTP/2 XHR requests are literally broken in Chrome/Chromium, but no other browsers," explained a software developer who asked to be referred to by the pseudonym niftylettuce, in an email to The Register last week.
XMLHttpRequest (XHR) object offers a way to fetch resources over the network. Though the recently introduced Fetch API offers a more modern alternative, XHR is still widely used.
And about half the time currently – 47.5 per cent – XHR requests travel over HTTP/2, a revision the HTTP protocol approved in 2015 and currently the recommended spec, even as HTTP/3 is starting to see some use.
For Node.js developers implementing XHR requests over HTTP/2, there have been problems. In January, Niftylettuce reported that XHR requests with a Node.js server running HTTP/2 stall and fail to end. But the problem appears to date back further given a similar bug report back in 2017 and another complaint from 2019 .
Node.js creator delivers Deno 1.0, a new runtime that fixes 'design mistakes in Node'READ MORE
"To me this is a severe and critical flaw, and potentially a vulnerability too," wrote niftylettuce. "Having something be in a stalled/queued state for an indefinite period of time can't be good…"
Based on a Shodan search, there are at least 125,000 websites potentially affected by this issue, niftylettuce said, adding that such sites probably suffer from decreased Google PageRank, PageInsights, Lighthouse scores due to the weight Google gives to HTTP/2 in its ranking algorithms.
The XHR fix isn't likely to appear in upcoming or past versions of Node.js all that soon because it will need to be manually backported to the current Node v14 and earlier versions.
But eventually, the bug will be exterminated. If you want changes in an open source project, you either make them yourself or make enough noise to motivate others, it appears. ®