Interactivity: Fix crypto.randomUUID crash in non-secure contexts (#76151)

scruffian · aduth · luisherranz · scruffian · commit 54b53f8e02ba · 2026-03-06T12:36:30.000Z
* Interactivity: Fix crypto.randomUUID crash in non-secure contexts crypto.randomUUID() is only available in secure contexts (HTTPS or localhost). Sites served over plain HTTP (e.g. http://wp-src.test) crash the entire interactivity module at import time. Add a feature-detection guard that falls back to a Math.random-based identifier when crypto.randomUUID is unavailable. The sessionId only needs to be unique per page load, not cryptographically secure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Interactivity: Use crypto.getRandomValues for sessionId fallback crypto.getRandomValues is available in all contexts (not just secure contexts like randomUUID), providing a better fallback than Math.random. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Simplify sessionId * Add changelog Also fixes previous entry --------- Co-authored-by: scruffian <scruffian@git.wordpress.org> Co-authored-by: aduth <aduth@git.wordpress.org> Co-authored-by: luisherranz <luisherranz@git.wordpress.org>
diff --git a/packages/interactivity/CHANGELOG.md b/packages/interactivity/CHANGELOG.md
@@ -2,13 +2,18 @@
 
 ## Unreleased
 
+### Bug Fixes
+
+-   Fix `sessionId` generation crashing in non-secure (non-HTTPS) contexts. ([#76151](https://github.com/WordPress/gutenberg/pull/76151))
+-   Add `initialVdomPromise` synchronization promise to ensure the router waits for hydration to complete before initializing, fixing dead DOM on Safari and Firefox. ([#76053](https://github.com/WordPress/gutenberg/pull/76053))
+
 ## 6.41.0 (2026-03-04)
 
 ## 6.40.0 (2026-02-18)
 
 ### New Features
 
--   Export `watch()` function for subscribing to signal changes outside of directives.
+-   Export `watch()` function for subscribing to signal changes outside of directives. ([#75563](https://github.com/WordPress/gutenberg/pull/75563))
 
 ## 6.39.0 (2026-01-29)
 
diff --git a/packages/interactivity/src/utils.ts b/packages/interactivity/src/utils.ts
@@ -518,7 +518,7 @@ export const navigationSignal = signal( 0 );
  * events for entries created in a previous session trigger a full reload
  * instead of a client-side navigation that would leave stale content.
  */
-export const sessionId = crypto.randomUUID();
+export const sessionId = Math.random().toString( 36 ).slice( 2 );
 
 /**
  * Recursively clones the passed object.
