crm.ajax.js uses synchronous XHR
Overview
When editing a contribution loaded in a modal, if the server is configured to disallow synchronous XHR, the "Cancel" and "Save" buttons don't appear.
Example use-case
- In your web server config, modify your Permissions-Policy or add one that disables synchronous XHR, e.g. for Apache:
Header always set Permissions-Policy "sync-xhr=()"
- Click Edit next to a contribution (without opening in a new tab, so it appears in a modal).
Current behaviour
"Cancel" and "Save" buttons are missing.
Proposed behaviour
"Cancel" and "Save" buttons should appear.
Comments
The console error is:
[Violation] Permissions policy violation: Synchronous requests are disabled by permissions policy.
It faults crm.ajax.js
line 329 (currently: that.element.html(data.content);
).
Per the XHR spec:
Synchronous XMLHttpRequest outside of workers is in the process of being removed from the web platform as it has detrimental effects to the end user’s experience. (This is a long process that takes many years.) Developers must not pass false for the async argument when the current global object is a Window object. User agents are strongly encouraged to warn about such usage in developer tools and may experiment with throwing an "InvalidAccessError" DOMException when it occurs.
This isn't urgent - most folks aren't blocking Synchronous XHR - but since this is the only issue I've seen in months of having this permissions policy, it seems like we can get atop things.