Report fallback resource timing for no-TAO iframes

When encountering a cross-origin iframe without TAO, don't automatically
report its fetch start/end times, as that might expose user interaction
with the iframe (a cross-origin violation).

Instead, report a fallback resource timing entry, with the navigation start
time and the load event time of the iframe, which are already observable.

Depends on whatwg/fetch#1579
Closes w3c/resource-timing#340

source

@@ -2567,6 +2567,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
      <li><dfn data-x-href="https://fetch.spec.whatwg.org/#determine-the-network-partition-key">determine the network partition key</dfn></li>
      <li><dfn data-x-href="https://fetch.spec.whatwg.org/#extract-full-timing-info">extract full timing info</dfn></li>
      <li><dfn data-x-href="https://fetch.spec.whatwg.org/#byte-sequence-as-a-body">as a body</dfn></li>
+     <li><dfn data-x="response-body-info" data-x-href="https://fetch.spec.whatwg.org/#response-body-info">response body info</dfn></li>
      <li>
       <dfn data-x="concept-response"
       data-x-href="https://fetch.spec.whatwg.org/#concept-response">response</dfn> and its
@@ -2584,6 +2585,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
        <li><dfn data-x="concept-response-timing-info" data-x-href="https://fetch.spec.whatwg.org/#concept-response-timing-info">timing info</dfn></li>
        <li><dfn data-x="concept-response-service-worker-timing-info" data-x-href="https://fetch.spec.whatwg.org/#response-service-worker-timing-info">service worker timing info</dfn></li>
        <li><dfn data-x="concept-response-has-cross-origin-redirects" data-x-href="https://fetch.spec.whatwg.org/#response-has-cross-origin-redirects">has-cross-origin-redirects</dfn></li>
+       <li><dfn data-x="concept-response-timing-allow-passed" data-x-href="https://fetch.spec.whatwg.org/#concept-response-timing-allow-passed">timing allow passed</dfn></li>
        <li>
         <dfn data-x-href="https://wicg.github.io/background-fetch/#extract-content-range-values">extract content-range values</dfn>
         <!-- TODO: move this to FETCH -->
@@ -2637,7 +2639,8 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
       data-x-href="https://fetch.spec.whatwg.org/#fetch-timing-info">fetch timing info</dfn> and its
       associated:
       <ul class="brief">
-       <li><dfn data-x="fetch-timing-info-start-time" data-x-href="https://fetch.spec.whatwg.org/#fetch-timing-info-start-time">start time</dfn></li>
+        <li><dfn data-x="fetch-timing-info-start-time" data-x-href="https://fetch.spec.whatwg.org/#fetch-timing-info-start-time">start time</dfn></li>
+        <li><dfn data-x="fetch-timing-info-end-time" data-x-href="https://fetch.spec.whatwg.org/#fetch-timing-info-end-time">start time</dfn></li>
       </ul>
      </li>
     </ul>
@@ -2695,6 +2698,16 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     </ul>
    </dd>
 
+   <dt>Resource Timing</dt>
+
+   <dd>
+    <p>The following terms are defined in <cite>Resource Timing</cite>: <ref spec=RESOURCETIMING></p>
+
+    <ul class="brief">
+     <li><dfn data-x-href="https://w3c.github.io/resource-timing/#dfn-mark-resource-timing">Mark resource timing</dfn></li>
+    </ul>
+   </dd>
+
    <dt>Long Tasks</dt>
 
    <dd>
@@ -31878,6 +31891,11 @@ interface <dfn interface>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
    document</span> is not <span>completely loaded</span>, then set <var>historyHandling</var> to
    "<code data-x="hh-replace">replace</code>".</p></li>
 
+   <li><p>If <var>element</var> is an <code>iframe</code>, then set <var>element</var>'s <span
+   data-x="iframe-pending-resource-timing-start-time">pending resource-timing start time</span> to
+   the <span>current high resolution time</span> given <var>element</var>'s
+   <span>node document</span>'s <span>relevant global object</span>.</p></li>
+
    <li><p><span>Navigate</span><!--DONAV iframe or frame--> <var>element</var>'s <span>nested
    navigable</span> to <var>url</var> using <var>element</var>'s <span>node document</span>, with
    <i data-x="navigation-hh">historyHandling</i> set to <var>historyHandling</var>, <i
@@ -31902,6 +31920,32 @@ interface <dfn interface>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
    <li><p>If <var>childDocument</var> has its <span>mute iframe load</span> flag set, then
    return.</p></li>
 
+   <li>
+    <p>If <var>element</var>'s <span
+    data-x="iframe-pending-resource-timing-start-time">pending resource-timing start time</span> is
+    not null, then:</p>
+
+    <ol>
+      <li><p>Let <var>global</var> be <var>element</var>'s <span>node document</span>'s
+      <span>relevant global object</span>.</p></li>
+
+      <li><p>Let <var>fallbackTimingInfo</var> be a new <span
+      data-x="fetch-timing-info">fetch timing info</span> whose <span
+      data-x="fetch-timing-info-start-time">start time</span> is <var>element</var>'s <span
+      data-x="iframe-pending-resource-timing-start-time">pending resource-timing start time</span>
+      and whose <span data-x="fetch-timing-info-end-time">response end time</span> is the
+      <span>current high resolution time</span> given <var>global</var>.</p></li>
+
+      <li><p><span>Mark resource timing</span> given <var>fallbackTimingInfo</var>, <var>url</var>,
+      "<code>iframe</code>", <var>global</var>, the empty string, a new
+      <span data-x="response-body-info">response body info</span>, and 0.</p></li>
+
+      <li><p>Set <var>element</var>'s <span
+      data-x="iframe-pending-resource-timing-start-time">pending resource-timing start time</span>
+      to null.</p></li>
+    </ol>
+   </li>
+
    <li><p>Set <var>childDocument</var>'s <span>iframe load in progress</span> flag.</p></li>
 
    <li><p><span data-x="concept-event-fire">Fire an event</span> named <code
@@ -31943,6 +31987,10 @@ interface <dfn interface>HTMLIFrameElement</dfn> : <span>HTMLElement</span> {
   <p>An <code>iframe</code> element whose <span>current navigation was lazy loaded</span> boolean is
   false <span>potentially delays the load event</span>.</p>
 
+  <p>Each <code>iframe</code> element has an associated null or
+  <span><code>DOMHighResTimeStamp</code></span> <dfn
+  data-x="iframe-pending-resource-timing-start-time">pending resource-timing start time</dfn>,
+  initially set to null.</p>
   </div>
 
   <!-- END of section that's very similar to <frame> -->
@@ -91795,6 +91843,18 @@ location.href = '#foo';</code></pre>
    <var>sourceSnapshotParams</var>'s <span data-x="source-snapshot-params-policy-container">source
    policy container</span>, null, and <var>responsePolicyContainer</var>.</p></li>
 
+   <li>
+    <p>If <var>navigable</var>'s <span data-x="nav-container">container</span> is an
+    <code>iframe</code>, and <var>response</var>'s <span
+    data-x="concept-response-timing-allow-passed">timing allow passed flag</span> is set, then
+    set <span data-x="nav-container">container</span>'s <span
+    data-x="iframe-pending-resource-timing-start-time">pending resource-timing start time</span> to
+    null.</p>
+
+    <p class="note">If the <code>iframe</code> is allowed to report to resource timing,
+    we don't need to run its fallback steps as the normal reporting would happen.</p>
+   </li>
+
    <li>
     <p>Return a new <span>navigation params</span>, with</p>
 
@@ -131192,6 +131252,9 @@ INSERT INTERFACES HERE
    <dt id="refsRESOURCEHINTS">[RESOURCEHINTS]</dt>
    <dd><cite><a href="https://w3c.github.io/resource-hints/">Resource Hints</a></cite>, I. Grigorik. W3C.</dd>
 
+   <dt id="refsRESOURCETIMING">[RESOURCETIMING]</dt>
+   <dd><cite><a href="https://w3c.github.io/resource-timing/">Resource Timing</a></cite>, Yoav Weiss; Noam Rosenthal. W3C.</dd>
+
    <dt id="refsRFC1034">[RFC1034]</dt>
    <dd><cite><a href="https://www.rfc-editor.org/rfc/rfc1034">Domain Names - Concepts and Facilities</a></cite>, P. Mockapetris. IETF, November 1987.</dd>