DRUPAL: CHROME 83 CANCELS JQUERY.FORM AJAX REQUESTS VIA HTTPS
There are customers who don't understand that the software "is alive". Even if you don't touch anything, some things still break. For this and other reasons, it is highly recommended that websites have minimum maintenance and that they are updated to the latest versions.
In this case, I want to talk about what has happened this last week with Drupal 7/8 and the update to the latest version of Google Chrome.
Drupal 7 is already many years old in the market and is getting outdated, then Drupal 8 was released (in 2015), and just today I published another article about Drupal 9 and its release today. As you can see, this means that the websites using Drupal 7 today are websites with several years in operation behind them.
Although Drupal 7 is getting outdated, it is still supported (entitled to official community updates) until 2021. This means that when a security bug or other major issue is detected … the community (drupal.org) moves to be able to publish the solution as soon as possible.
In this case, during the last week, the Chrome browser has been updated to its latest version 83. And one of the features that have caused that for https security ajax requests in forms is blocked. This basically causes that if you try to create/edit a page in Drupal, you can't edit/modify/delete either paragraphs, or media, nor images, nor attachments, nor referenced entities (product variations for example).
This is not really a security risk per se, but in recent years/months Google has been adamant in its decision to force some behaviours in its browser, especially with regard to https. This is basically what Internet Explorer was doing 10 years ago, and all it did was turn most web developers against it. And it's my opinion, but more and more I see Chrome as a substitute for what Internet Explorer was. RAM consumption, slowness, forcing developers to do things in a certain way, breaking backwards compatibility, making websites that until now were functional completely broken …. better not continue that this gives me for another blog article.
Back to the main topic, Chrome has broken the forms of many Drupal websites (and I guess of other CMS). The community detected this about 2 weeks ago (not all computers in the world are updated at the same time), they got down to work, detected what was happening, created a patch, tested that it did not break other things and was published in the latest versions of Drupal (this was today June 3, 2020).
One of the biggest advantages of Drupal against other solutions to create websites… is its COMMUNITY. In just 2 weeks the bug has been detected, fixed, tested and published. All this for free. Now it only remains that all Drupal websites are updated to the latest version, which as always is a fairly easy upgrade to do.
This article was a bit of a vent. That a client blames you because since 2 days ago he can't edit the contents of his website … is quite frustrating. Especially when it is one of the typical customers who think it is not worth having a monthly update maintenance contract. And especially when the blame is on Chrome for changing the rules of the game that have been valid for the last few years, while other browsers like Firefox, Safari, Edge, among others, continue to work as usual.
Bottom line. Chrome is the most used browser, but it gives more and more problems.
If you have a Drupal website, ask your IT people to update it to the latest version or stop using Chrome.
If you want to know more info about this bug that Chrome has created, you can see the issues in Drupal.org:
https://www.drupal.org/project/drupal/issues/3143016
https://www.drupal.org/project/drupal/issues/3138421
Have Any Project in Mind?
If you want to do something in Drupal maybe you can hire me.
Either for consulting, development or maintenance of Drupal websites.