Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upPerformanceResourceTiming: TimingAllowCheck #21270
Closed
Comments
|
@highfive assign me |
|
Hey @tdelacour! Thanks for your interest in working on this issue. It's now assigned to you! |
|
Are you still working on this @tdelacour? |
|
@jdm sorry, I've had a busy couple of weeks and have been squatting on this one! Hoping to get some time after the end of this week, but maybe un-assign me for now & I'll pick it up again in a bit if it's still available? |
This was referenced Jun 24, 2019
|
I'd be interested in this. Although, I probably won't get to it for another week or two. |
|
Leave a comment when you're ready to start looking at it, in that case :) |
|
Cool, will do. Thanks! |
|
@jdm @RestitutorOrbis Javed, if you change your mind, I'd love to take this task. |
|
@highfive assign me. I'm good to take this on now. |
|
Hey @RestitutorOrbis! Thanks for your interest in working on this issue. It's now assigned to you! |
|
@jdm What files should I take a look at to take on this issue? |
|
@RestitutorOrbis I would expect this to affect:
|
|
@jdm Just to confirm, for http_loader.rs, I should be looking at the function obtain_response and I need to write my timing allow check to run anytime after the call to "request_headers.clone()". Does that sound reasonable? |
|
Anytime after this code is when the response headers will be available, which are the ones that can contain the HTTP headers about allowing the Timing-Allow-Origin response header. |
|
@jdm Which tests in https://github.com/servo/servo/tree/master/tests/wpt/web-platform-tests/resource-timing are relevant? Is it just resource-timing/resource_TAO_origin.htm, resource-timing/resource_TAO_zero.htm, and resource-timing/TAO-crossorigin-port.sub.html? |
|
I would expect any of the tests with TAO in the name to be relevant. |
bors-servo
added a commit
that referenced
this issue
Sep 17, 2019
Add PerformanceResourceTiming:TimingAllowCheck Added timing allow check to http_loader.rs in `fn http_network_fetch`. <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #21270 ### Things to Do - [x] Map header values from Timing-Allow-Origin to URL types using [Url::Parse](https://docs.rs/url/2.0.0/url/) - [x] Check equality of those header URL origin with the origin in question - [x] Just use url instead of `res.origin` - [x] Change `.set_attribute(ResourceAttribute::RedirectStart(0))` to `.set_attribute(ResourceAttribute::RedirectStart(RedirectStartValue::Zero))` - [x] Change `.set_attribute(ResourceAttribute::RedirectEnd(0))` to `.set_attribute(ResourceAttribute::RedirectEnd(RedirectEndValue::Zero))` - [x] Figure out how to set DomainLookupStart, RequestStart, and ResponseStart without directly passing value as part of enum - [x] Figure out how to handle lack of DomainLookupEnd (#21260) and SecureConnectionStart (#21268) - [x] add a flag to ResourceFetchTiming that indicates if the timing check passed, and only update timing attributes if that flag is false - [x] add function to mark timing test as failed and set all attributes to 0 - [x] resolve compile error regarding move of header_strings variable - [x] resolve URL parse errors that appear during test execution - [x] ~~Fix /resource-timing/crossorigin-sandwich-no-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/crossorigin-sandwich-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/resource-reload-TAO.sub.html~~ (Get TIMEOUT, fails on Firefox too?) - [x] ~~Fix /resource-timing/resource_TAO_cross_origin_redirect_chain.html~~ (Problem seems to lie in loading the iFrame, when the request is made, the URL attached to the PerformanceResourceTiming interface is the initial URL set on the iFrame instead of the URL that is ultimately loaded) - [x] ~~Fix resource-timing/resource_TAO_multi_wildcard.html~~ (Doesn't work because IMG element doesn't generate HTTP request with Origin field) - [x] Fix /resource-timing/resource_TAO_match_origin.htm - [x] Fix /resource-timing/resource_TAO_match_wildcard.htm - [x] Fix /resource-timing/resource_TAO_multi.htm - [x] Fix /resource-timing/resource_TAO_wildcard.htm - [x] Fix /resource-timing/resource_TAO_zero.htm - [x] Fix /resource-timing/resource_TAO_null.htm - [x] Fix /resource-timing/resource_TAO_origin.htm (tests for responseStart and domainLookupEnd fail because #21260 and #21271 haven't been resolved) - [x] Fix /resource-timing/resource_TAO_space.htm - [x] Fix /resource-timing/resource_TAO_origin_uppercase.htm - [x] ~~Fix /resource-timing/resource_timing_TAO_cross_origin_redirect.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/TAO-case-insensitive-null-opaque-origin.sub.html~~ (TIMEOUT, doesn't seem to parse iFrame SRC correctly? There doesn't seem to be any sign that it makes a request to TAOResponse.py) - [x] Fix /resource-timing/TAO-crossorigin-port.sub.html - [x] ~~Fix /resource-timing/TAO-null-opaque-origin.sub.html~~ (Refer to /resource-timing/TAO-crossorigin-port.sub.html) <!-- Either: --> - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23873) <!-- Reviewable:end -->
bors-servo
added a commit
that referenced
this issue
Sep 18, 2019
Add PerformanceResourceTiming:TimingAllowCheck Added timing allow check to http_loader.rs in `fn http_network_fetch`. <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #21270 ### Things to Do - [x] Map header values from Timing-Allow-Origin to URL types using [Url::Parse](https://docs.rs/url/2.0.0/url/) - [x] Check equality of those header URL origin with the origin in question - [x] Just use url instead of `res.origin` - [x] Change `.set_attribute(ResourceAttribute::RedirectStart(0))` to `.set_attribute(ResourceAttribute::RedirectStart(RedirectStartValue::Zero))` - [x] Change `.set_attribute(ResourceAttribute::RedirectEnd(0))` to `.set_attribute(ResourceAttribute::RedirectEnd(RedirectEndValue::Zero))` - [x] Figure out how to set DomainLookupStart, RequestStart, and ResponseStart without directly passing value as part of enum - [x] Figure out how to handle lack of DomainLookupEnd (#21260) and SecureConnectionStart (#21268) - [x] add a flag to ResourceFetchTiming that indicates if the timing check passed, and only update timing attributes if that flag is false - [x] add function to mark timing test as failed and set all attributes to 0 - [x] resolve compile error regarding move of header_strings variable - [x] resolve URL parse errors that appear during test execution - [x] ~~Fix /resource-timing/crossorigin-sandwich-no-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/crossorigin-sandwich-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/resource-reload-TAO.sub.html~~ (Get TIMEOUT, fails on Firefox too?) - [x] ~~Fix /resource-timing/resource_TAO_cross_origin_redirect_chain.html~~ (Problem seems to lie in loading the iFrame, when the request is made, the URL attached to the PerformanceResourceTiming interface is the initial URL set on the iFrame instead of the URL that is ultimately loaded) - [x] ~~Fix resource-timing/resource_TAO_multi_wildcard.html~~ (Doesn't work because IMG element doesn't generate HTTP request with Origin field) - [x] Fix /resource-timing/resource_TAO_match_origin.htm - [x] Fix /resource-timing/resource_TAO_match_wildcard.htm - [x] Fix /resource-timing/resource_TAO_multi.htm - [x] Fix /resource-timing/resource_TAO_wildcard.htm - [x] Fix /resource-timing/resource_TAO_zero.htm - [x] Fix /resource-timing/resource_TAO_null.htm - [x] Fix /resource-timing/resource_TAO_origin.htm (tests for responseStart and domainLookupEnd fail because #21260 and #21271 haven't been resolved) - [x] Fix /resource-timing/resource_TAO_space.htm - [x] Fix /resource-timing/resource_TAO_origin_uppercase.htm - [x] ~~Fix /resource-timing/resource_timing_TAO_cross_origin_redirect.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/TAO-case-insensitive-null-opaque-origin.sub.html~~ (TIMEOUT, doesn't seem to parse iFrame SRC correctly? There doesn't seem to be any sign that it makes a request to TAOResponse.py) - [x] Fix /resource-timing/TAO-crossorigin-port.sub.html - [x] ~~Fix /resource-timing/TAO-null-opaque-origin.sub.html~~ (Refer to /resource-timing/TAO-crossorigin-port.sub.html) <!-- Either: --> - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23873) <!-- Reviewable:end -->
bors-servo
added a commit
that referenced
this issue
Sep 18, 2019
Add PerformanceResourceTiming:TimingAllowCheck Added timing allow check to http_loader.rs in `fn http_network_fetch`. <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #21270 ### Things to Do - [x] Map header values from Timing-Allow-Origin to URL types using [Url::Parse](https://docs.rs/url/2.0.0/url/) - [x] Check equality of those header URL origin with the origin in question - [x] Just use url instead of `res.origin` - [x] Change `.set_attribute(ResourceAttribute::RedirectStart(0))` to `.set_attribute(ResourceAttribute::RedirectStart(RedirectStartValue::Zero))` - [x] Change `.set_attribute(ResourceAttribute::RedirectEnd(0))` to `.set_attribute(ResourceAttribute::RedirectEnd(RedirectEndValue::Zero))` - [x] Figure out how to set DomainLookupStart, RequestStart, and ResponseStart without directly passing value as part of enum - [x] Figure out how to handle lack of DomainLookupEnd (#21260) and SecureConnectionStart (#21268) - [x] add a flag to ResourceFetchTiming that indicates if the timing check passed, and only update timing attributes if that flag is false - [x] add function to mark timing test as failed and set all attributes to 0 - [x] resolve compile error regarding move of header_strings variable - [x] resolve URL parse errors that appear during test execution - [x] ~~Fix /resource-timing/crossorigin-sandwich-no-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/crossorigin-sandwich-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/resource-reload-TAO.sub.html~~ (Get TIMEOUT, fails on Firefox too?) - [x] ~~Fix /resource-timing/resource_TAO_cross_origin_redirect_chain.html~~ (Problem seems to lie in loading the iFrame, when the request is made, the URL attached to the PerformanceResourceTiming interface is the initial URL set on the iFrame instead of the URL that is ultimately loaded) - [x] ~~Fix resource-timing/resource_TAO_multi_wildcard.html~~ (Doesn't work because IMG element doesn't generate HTTP request with Origin field) - [x] Fix /resource-timing/resource_TAO_match_origin.htm - [x] Fix /resource-timing/resource_TAO_match_wildcard.htm - [x] Fix /resource-timing/resource_TAO_multi.htm - [x] Fix /resource-timing/resource_TAO_wildcard.htm - [x] Fix /resource-timing/resource_TAO_zero.htm - [x] Fix /resource-timing/resource_TAO_null.htm - [x] Fix /resource-timing/resource_TAO_origin.htm (tests for responseStart and domainLookupEnd fail because #21260 and #21271 haven't been resolved) - [x] Fix /resource-timing/resource_TAO_space.htm - [x] Fix /resource-timing/resource_TAO_origin_uppercase.htm - [x] ~~Fix /resource-timing/resource_timing_TAO_cross_origin_redirect.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/TAO-case-insensitive-null-opaque-origin.sub.html~~ (TIMEOUT, doesn't seem to parse iFrame SRC correctly? There doesn't seem to be any sign that it makes a request to TAOResponse.py) - [x] Fix /resource-timing/TAO-crossorigin-port.sub.html - [x] ~~Fix /resource-timing/TAO-null-opaque-origin.sub.html~~ (Refer to /resource-timing/TAO-crossorigin-port.sub.html) <!-- Either: --> - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23873) <!-- Reviewable:end -->
bors-servo
added a commit
that referenced
this issue
Sep 24, 2019
Add PerformanceResourceTiming:TimingAllowCheck Added timing allow check to http_loader.rs in `fn http_network_fetch`. <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #21270 ### Things to Do - [x] Map header values from Timing-Allow-Origin to URL types using [Url::Parse](https://docs.rs/url/2.0.0/url/) - [x] Check equality of those header URL origin with the origin in question - [x] Just use url instead of `res.origin` - [x] Change `.set_attribute(ResourceAttribute::RedirectStart(0))` to `.set_attribute(ResourceAttribute::RedirectStart(RedirectStartValue::Zero))` - [x] Change `.set_attribute(ResourceAttribute::RedirectEnd(0))` to `.set_attribute(ResourceAttribute::RedirectEnd(RedirectEndValue::Zero))` - [x] Figure out how to set DomainLookupStart, RequestStart, and ResponseStart without directly passing value as part of enum - [x] Figure out how to handle lack of DomainLookupEnd (#21260) and SecureConnectionStart (#21268) - [x] add a flag to ResourceFetchTiming that indicates if the timing check passed, and only update timing attributes if that flag is false - [x] add function to mark timing test as failed and set all attributes to 0 - [x] resolve compile error regarding move of header_strings variable - [x] resolve URL parse errors that appear during test execution - [x] ~~Fix /resource-timing/crossorigin-sandwich-no-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/crossorigin-sandwich-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/resource-reload-TAO.sub.html~~ (Get TIMEOUT, fails on Firefox too?) - [x] ~~Fix /resource-timing/resource_TAO_cross_origin_redirect_chain.html~~ (Problem seems to lie in loading the iFrame, when the request is made, the URL attached to the PerformanceResourceTiming interface is the initial URL set on the iFrame instead of the URL that is ultimately loaded) - [x] ~~Fix resource-timing/resource_TAO_multi_wildcard.html~~ (Doesn't work because IMG element doesn't generate HTTP request with Origin field) - [x] Fix /resource-timing/resource_TAO_match_origin.htm - [x] Fix /resource-timing/resource_TAO_match_wildcard.htm - [x] Fix /resource-timing/resource_TAO_multi.htm - [x] Fix /resource-timing/resource_TAO_wildcard.htm - [x] Fix /resource-timing/resource_TAO_zero.htm - [x] Fix /resource-timing/resource_TAO_null.htm - [x] Fix /resource-timing/resource_TAO_origin.htm (tests for responseStart and domainLookupEnd fail because #21260 and #21271 haven't been resolved) - [x] Fix /resource-timing/resource_TAO_space.htm - [x] Fix /resource-timing/resource_TAO_origin_uppercase.htm - [x] ~~Fix /resource-timing/resource_timing_TAO_cross_origin_redirect.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/TAO-case-insensitive-null-opaque-origin.sub.html~~ (TIMEOUT, doesn't seem to parse iFrame SRC correctly? There doesn't seem to be any sign that it makes a request to TAOResponse.py) - [x] Fix /resource-timing/TAO-crossorigin-port.sub.html - [x] ~~Fix /resource-timing/TAO-null-opaque-origin.sub.html~~ (Refer to /resource-timing/TAO-crossorigin-port.sub.html) - [x] /navigation-timing/nav2_test_redirect_chain_xserver_partial_opt_in.html - [x] /navigation-timing/nav2_test_document_open.html - [x] /navigation-timing/nav2_test_frame_removed.html - [x] /performance-timeline/not-clonable.html - [x] /navigation-timing/nav2_test_redirect_xserver.html - [x] /resource-timing/resource_connection_reuse.https.html - [x] /resource-timing/resource_reparenting.html - [x] /resource-timing/resource_connection_reuse.html - [x] /resource-timing/resource_script_types.html - [x] /resource-timing/idlharness.any.html - [x] /resource-timing/clear_resource_timing_functionality.html - [x] /resource-timing/idlharness.any.worker.html - [x] /resource-timing/resource_cached.htm - [x] /resource-timing/resource_connection_reuse_mixed_content_redirect.html - [x] /resource-timing/resource_connection_reuse_mixed_content.html - [x] /resource-timing/resource_timing_buffer_full_when_shrink_buffer_size.html - [x] /navigation-timing/idlharness.window.html - [x] /navigation-timing/nav2_test_navigate_iframe.html - [x] /navigation-timing/nav2_test_navigate_within_document.html - [x] /resource-timing/resource_reuse.sub.html - [x] /navigation-timing/nav2_test_instance_accessible_from_the_start.html - [x] /resource-timing/resource_dedicated_worker.html - [x] /navigation-timing/unload-event-same-origin-check.html - [ ] /navigation-timing/nav2_test_navigation_type_backforward.html <!-- Either: --> - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23873) <!-- Reviewable:end -->
bors-servo
added a commit
that referenced
this issue
Sep 24, 2019
Add PerformanceResourceTiming:TimingAllowCheck Added timing allow check to http_loader.rs in `fn http_network_fetch`. <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #21270 ### Things to Do - [x] Map header values from Timing-Allow-Origin to URL types using [Url::Parse](https://docs.rs/url/2.0.0/url/) - [x] Check equality of those header URL origin with the origin in question - [x] Just use url instead of `res.origin` - [x] Change `.set_attribute(ResourceAttribute::RedirectStart(0))` to `.set_attribute(ResourceAttribute::RedirectStart(RedirectStartValue::Zero))` - [x] Change `.set_attribute(ResourceAttribute::RedirectEnd(0))` to `.set_attribute(ResourceAttribute::RedirectEnd(RedirectEndValue::Zero))` - [x] Figure out how to set DomainLookupStart, RequestStart, and ResponseStart without directly passing value as part of enum - [x] Figure out how to handle lack of DomainLookupEnd (#21260) and SecureConnectionStart (#21268) - [x] add a flag to ResourceFetchTiming that indicates if the timing check passed, and only update timing attributes if that flag is false - [x] add function to mark timing test as failed and set all attributes to 0 - [x] resolve compile error regarding move of header_strings variable - [x] resolve URL parse errors that appear during test execution - [x] ~~Fix /resource-timing/crossorigin-sandwich-no-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/crossorigin-sandwich-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/resource-reload-TAO.sub.html~~ (Get TIMEOUT, fails on Firefox too?) - [x] ~~Fix /resource-timing/resource_TAO_cross_origin_redirect_chain.html~~ (Problem seems to lie in loading the iFrame, when the request is made, the URL attached to the PerformanceResourceTiming interface is the initial URL set on the iFrame instead of the URL that is ultimately loaded) - [x] ~~Fix resource-timing/resource_TAO_multi_wildcard.html~~ (Doesn't work because IMG element doesn't generate HTTP request with Origin field) - [x] Fix /resource-timing/resource_TAO_match_origin.htm - [x] Fix /resource-timing/resource_TAO_match_wildcard.htm - [x] Fix /resource-timing/resource_TAO_multi.htm - [x] Fix /resource-timing/resource_TAO_wildcard.htm - [x] Fix /resource-timing/resource_TAO_zero.htm - [x] Fix /resource-timing/resource_TAO_null.htm - [x] Fix /resource-timing/resource_TAO_origin.htm (tests for responseStart and domainLookupEnd fail because #21260 and #21271 haven't been resolved) - [x] Fix /resource-timing/resource_TAO_space.htm - [x] Fix /resource-timing/resource_TAO_origin_uppercase.htm - [x] ~~Fix /resource-timing/resource_timing_TAO_cross_origin_redirect.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/TAO-case-insensitive-null-opaque-origin.sub.html~~ (TIMEOUT, doesn't seem to parse iFrame SRC correctly? There doesn't seem to be any sign that it makes a request to TAOResponse.py) - [x] Fix /resource-timing/TAO-crossorigin-port.sub.html - [x] ~~Fix /resource-timing/TAO-null-opaque-origin.sub.html~~ (Refer to /resource-timing/TAO-crossorigin-port.sub.html) - [x] /navigation-timing/nav2_test_redirect_chain_xserver_partial_opt_in.html - [x] /navigation-timing/nav2_test_document_open.html - [x] /navigation-timing/nav2_test_frame_removed.html - [x] /performance-timeline/not-clonable.html - [x] /navigation-timing/nav2_test_redirect_xserver.html - [x] /resource-timing/resource_connection_reuse.https.html - [x] /resource-timing/resource_reparenting.html - [x] /resource-timing/resource_connection_reuse.html - [x] /resource-timing/resource_script_types.html - [x] /resource-timing/idlharness.any.html - [x] /resource-timing/clear_resource_timing_functionality.html - [x] /resource-timing/idlharness.any.worker.html - [x] /resource-timing/resource_cached.htm - [x] /resource-timing/resource_connection_reuse_mixed_content_redirect.html - [x] /resource-timing/resource_connection_reuse_mixed_content.html - [x] /resource-timing/resource_timing_buffer_full_when_shrink_buffer_size.html - [x] /navigation-timing/idlharness.window.html - [x] /navigation-timing/nav2_test_navigate_iframe.html - [x] /navigation-timing/nav2_test_navigate_within_document.html - [x] /resource-timing/resource_reuse.sub.html - [x] /navigation-timing/nav2_test_instance_accessible_from_the_start.html - [x] /resource-timing/resource_dedicated_worker.html - [x] /navigation-timing/unload-event-same-origin-check.html - [x] /navigation-timing/nav2_test_navigation_type_backforward.html <!-- Either: --> - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23873) <!-- Reviewable:end -->
bors-servo
added a commit
that referenced
this issue
Sep 24, 2019
Add PerformanceResourceTiming:TimingAllowCheck Added timing allow check to http_loader.rs in `fn http_network_fetch`. <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #21270 ### Things to Do - [x] Map header values from Timing-Allow-Origin to URL types using [Url::Parse](https://docs.rs/url/2.0.0/url/) - [x] Check equality of those header URL origin with the origin in question - [x] Just use url instead of `res.origin` - [x] Change `.set_attribute(ResourceAttribute::RedirectStart(0))` to `.set_attribute(ResourceAttribute::RedirectStart(RedirectStartValue::Zero))` - [x] Change `.set_attribute(ResourceAttribute::RedirectEnd(0))` to `.set_attribute(ResourceAttribute::RedirectEnd(RedirectEndValue::Zero))` - [x] Figure out how to set DomainLookupStart, RequestStart, and ResponseStart without directly passing value as part of enum - [x] Figure out how to handle lack of DomainLookupEnd (#21260) and SecureConnectionStart (#21268) - [x] add a flag to ResourceFetchTiming that indicates if the timing check passed, and only update timing attributes if that flag is false - [x] add function to mark timing test as failed and set all attributes to 0 - [x] resolve compile error regarding move of header_strings variable - [x] resolve URL parse errors that appear during test execution - [x] ~~Fix /resource-timing/crossorigin-sandwich-no-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/crossorigin-sandwich-TAO.sub.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/resource-reload-TAO.sub.html~~ (Get TIMEOUT, fails on Firefox too?) - [x] ~~Fix /resource-timing/resource_TAO_cross_origin_redirect_chain.html~~ (Problem seems to lie in loading the iFrame, when the request is made, the URL attached to the PerformanceResourceTiming interface is the initial URL set on the iFrame instead of the URL that is ultimately loaded) - [x] ~~Fix resource-timing/resource_TAO_multi_wildcard.html~~ (Doesn't work because IMG element doesn't generate HTTP request with Origin field) - [x] Fix /resource-timing/resource_TAO_match_origin.htm - [x] Fix /resource-timing/resource_TAO_match_wildcard.htm - [x] Fix /resource-timing/resource_TAO_multi.htm - [x] Fix /resource-timing/resource_TAO_wildcard.htm - [x] Fix /resource-timing/resource_TAO_zero.htm - [x] Fix /resource-timing/resource_TAO_null.htm - [x] Fix /resource-timing/resource_TAO_origin.htm (tests for responseStart and domainLookupEnd fail because #21260 and #21271 haven't been resolved) - [x] Fix /resource-timing/resource_TAO_space.htm - [x] Fix /resource-timing/resource_TAO_origin_uppercase.htm - [x] ~~Fix /resource-timing/resource_timing_TAO_cross_origin_redirect.html~~ (Refer to resource_TAO_cross_origin_redirect_chain.html) - [x] ~~Fix /resource-timing/TAO-case-insensitive-null-opaque-origin.sub.html~~ (TIMEOUT, doesn't seem to parse iFrame SRC correctly? There doesn't seem to be any sign that it makes a request to TAOResponse.py) - [x] Fix /resource-timing/TAO-crossorigin-port.sub.html - [x] ~~Fix /resource-timing/TAO-null-opaque-origin.sub.html~~ (Refer to /resource-timing/TAO-crossorigin-port.sub.html) - [x] /navigation-timing/nav2_test_redirect_chain_xserver_partial_opt_in.html - [x] /navigation-timing/nav2_test_document_open.html - [x] /navigation-timing/nav2_test_frame_removed.html - [x] /performance-timeline/not-clonable.html - [x] /navigation-timing/nav2_test_redirect_xserver.html - [x] /resource-timing/resource_connection_reuse.https.html - [x] /resource-timing/resource_reparenting.html - [x] /resource-timing/resource_connection_reuse.html - [x] /resource-timing/resource_script_types.html - [x] /resource-timing/idlharness.any.html - [x] /resource-timing/clear_resource_timing_functionality.html - [x] /resource-timing/idlharness.any.worker.html - [x] /resource-timing/resource_cached.htm - [x] /resource-timing/resource_connection_reuse_mixed_content_redirect.html - [x] /resource-timing/resource_connection_reuse_mixed_content.html - [x] /resource-timing/resource_timing_buffer_full_when_shrink_buffer_size.html - [x] /navigation-timing/idlharness.window.html - [x] /navigation-timing/nav2_test_navigate_iframe.html - [x] /navigation-timing/nav2_test_navigate_within_document.html - [x] /resource-timing/resource_reuse.sub.html - [x] /navigation-timing/nav2_test_instance_accessible_from_the_start.html - [x] /resource-timing/resource_dedicated_worker.html - [x] /navigation-timing/unload-event-same-origin-check.html - [x] /navigation-timing/nav2_test_navigation_type_backforward.html <!-- Either: --> - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23873) <!-- Reviewable:end -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Spec: https://w3c.github.io/resource-timing/#dfn-timing-allow-check
The timing allow check algorithm, which checks whether a resource's timing information can be shared with the current document, is as follows:
If the last non-redirected fetch of the resource fails the timing allow check, the user agent MUST set redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, requestStart, responseStart and secureConnectionStart to zero
This check can also affect startTime.