Pass in response status to mark resource timing #1468
Conversation
abinpaul1
force-pushed
the
resource-response-status
branch
from
a8a2650
to
28e9a7c
Compare
fetch.bs
Outdated
| @@ -5536,6 +5539,9 @@ optional boolean <var>forceNewConnection</var> (default false), run these steps: | |||
|
|
|||
| <li><p>Let <var>status</var> be the HTTP response's status code. | |||
There was a problem hiding this comment.
@annevk - Would it make sense to also explicitly set the response's status to |status| here? (maybe as a separate PR)
There was a problem hiding this comment.
It might be worth having a follow-up issue on how to better integrate with HTTP or indicate that's what's happening. We basically want to map an HTTP response to a Fetch response. There has been some discussion about this also with the HTTP WG, but I don't think we'll get anything formal out of that.
|
Also, we'd want tests and implementation issues before this lands. |
fetch.bs
Outdated
| @@ -301,6 +301,9 @@ following <a for=struct>items</a>: [[RESOURCE-TIMING]] [[NAVIGATION-TIMING]] | |||
| <dt><dfn export for="response body info" id="fetch-timing-info-decoded-body-size">decoded | |||
| size</dfn> (default 0) | |||
| <dd>A number. | |||
| <dt><dfn export for="response body info" id="fetch-timing-info-response-status">response | |||
There was a problem hiding this comment.
This is not needed. You have response's status when you set the report timing steps in fetch response handover. I would add it as another parameter to Mark resource timing.
Also, as we talked on the Chromium CL, I don't think we should automatically make this TAO-protected rather than CORS-protected. It's not exactly timing information.
There was a problem hiding this comment.
Okay, just to be sure I understand. We would pass in the status as a new parameter to Mark resource time which would in turn pass it to Setup the resource timing entry where we would use it to set the entry's responseStatus.
Also, as we talked on the Chromium CL, I don't think we should automatically make this TAO-protected rather than CORS-protected. It's not exactly timing information.
Yeah, we don't want to. I am a bit unsure as to where the exact place to specify this is. Does it make sense to add this to fetch response handover as well - If the CORS check fails pass in 0 as the status to Mark resource timing
There was a problem hiding this comment.
Okay, just to be sure I understand. We would pass in the status as a new parameter to Mark resource time which would in turn pass it to Setup the resource timing entry where we would use it to set the entry's
responseStatus.
Exactly
Also, as we talked on the Chromium CL, I don't think we should automatically make this TAO-protected rather than CORS-protected. It's not exactly timing information.
Yeah, we don't want to. I am a bit unsure as to where the exact place to specify this is. Does it make sense to add this to fetch response handover as well - If the CORS check fails pass in
0as the status toMark resource timing
Actually I don't think you need to do anything. If this is a no-cors request, response would already be an opaque filtered response with a status of 0.
There was a problem hiding this comment.
I think there might be an existing problem here in that an opaque response wouldn't expose body info.
There was a problem hiding this comment.
We set the body info to an empty body info if TAO fails.
fetch.bs
Outdated
| @@ -5536,6 +5539,9 @@ optional boolean <var>forceNewConnection</var> (default false), run these steps: | |||
|
|
|||
| <li><p>Let <var>status</var> be the HTTP response's status code. | |||
There was a problem hiding this comment.
It might be worth having a follow-up issue on how to better integrate with HTTP or indicate that's what's happening. We basically want to map an HTTP response to a Fetch response. There has been some discussion about this also with the HTTP WG, but I don't think we'll get anything formal out of that.
fetch.bs
Outdated
| @@ -301,6 +301,9 @@ following <a for=struct>items</a>: [[RESOURCE-TIMING]] [[NAVIGATION-TIMING]] | |||
| <dt><dfn export for="response body info" id="fetch-timing-info-decoded-body-size">decoded | |||
| size</dfn> (default 0) | |||
| <dd>A number. | |||
| <dt><dfn export for="response body info" id="fetch-timing-info-response-status">response | |||
| status</dfn> (default 0) | |||
There was a problem hiding this comment.
One minor thing here that I notice is incorrect for some other fields as well is that fetch.bs shouldn't wrap inside phrasing elements such as <dfn> so you can more easily search for the terms inside of them.
fetch.bs
Outdated
| @@ -301,6 +301,9 @@ following <a for=struct>items</a>: [[RESOURCE-TIMING]] [[NAVIGATION-TIMING]] | |||
| <dt><dfn export for="response body info" id="fetch-timing-info-decoded-body-size">decoded | |||
| size</dfn> (default 0) | |||
| <dd>A number. | |||
| <dt><dfn export for="response body info" id="fetch-timing-info-response-status">response | |||
There was a problem hiding this comment.
I think there might be an existing problem here in that an opaque response wouldn't expose body info.
abinpaul1
force-pushed
the
resource-response-status
branch
from
28e9a7c
to
03610e8
Compare
abinpaul1
changed the title
This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug:1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b
This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug:1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b
This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug: 1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3754923 Reviewed-by: Noam Rosenthal <nrosenthal@chromium.org> Commit-Queue: Abin Paul <abin.paul1@gmail.com> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/main@{#1040902}
This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug: 1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3754923 Reviewed-by: Noam Rosenthal <nrosenthal@chromium.org> Commit-Queue: Abin Paul <abin.paul1@gmail.com> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/main@{#1040902}
This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug: 1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3754923 Reviewed-by: Noam Rosenthal <nrosenthal@chromium.org> Commit-Queue: Abin Paul <abin.paul1@gmail.com> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/main@{#1040902} Co-authored-by: Abin K Paul <abin.paul1@gmail.com>
…ing, a=testonly Automatic update from web-platform-tests Add response status code to Resource Timing (#34828) This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug: 1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3754923 Reviewed-by: Noam Rosenthal <nrosenthal@chromium.org> Commit-Queue: Abin Paul <abin.paul1@gmail.com> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/main@{#1040902} Co-authored-by: Abin K Paul <abin.paul1@gmail.com> -- wpt-commits: 9e8b0dbba979679efc9230834ea89cb3b0f06685 wpt-pr: 34828
abinpaul1
force-pushed
the
resource-response-status
branch
from
ab74d22
to
a298369
Compare
fetch.bs
Outdated
| <li><p>Let <var>responseStatus</var> be 0 if <var>fetchParams</var>'s | ||
| <a for="fetch params">request</a>'s <a for=request>mode</a> is "<code>navigate</code>" and | ||
| <var>response</var>'s <a for=response>URL</a>'s <a for=url>origin</a> is not | ||
| <a>same origin</a> with <var>request</var>'s <a for=request>origin</a>, and | ||
| <var>response</var>'s <a for=response>status</a> otherwise. |
There was a problem hiding this comment.
I don't think the same origin check here is good. This doesn't take redirects into account.
Also, is this the internal response or not?
There was a problem hiding this comment.
To take redirects into acount, would introducing a new flag to request be a good idea - is navigation same origin. As HTTP fetch step 6.6 we would check if request’s mode is "navigate" and request’s current URL’s origin is same origin with request’s origin. If at any time this is not the case we set is navigation same origin to false.
This flag would then be used instead of the current check. Would this work?
There was a problem hiding this comment.
Can we use https://fetch.spec.whatwg.org/#concept-request-tainted-origin? I think request's URL list is still being build up by HTML's navigate algorithm so that should be fine. cc @noamr
There was a problem hiding this comment.
Okay, so just to be clear we let responseStatus be 0 if request’s mode is "navigate" and request has a redirect-tainted origin?
Also, is this the internal response or not?
I don't think it is the internal response. We want the filtered response's status, so that status would be 0 if its say a no-cors request as well.
There was a problem hiding this comment.
I think so, but now I wonder why this is different from the other measurements. If this is specifically for navigation timing it should probably follow the current model for those. cc @noamr
There was a problem hiding this comment.
This is not about navigation timing but about iframe navigations being reported to their parent. Since they cannot be CORS fetches, we don't want to report their status if they are cross origin.
There was a problem hiding this comment.
Right, but don't we have existing infrastructure for that which needs to meet the same constraints?
There was a problem hiding this comment.
I don't believe we do, but I could be wrong. Are you aware of such infrastructure?
There was a problem hiding this comment.
Wait, we have https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigation-params-has-cross-origin-redirects for NavTiming. I can see if/how it fits here.
|
A rough sketch of using existing infrastructure:
@abinpaul1 @annevk - does this make sense? |
|
Kinda, but then "has cross-origin redirects" needs to be state that Fetch maintains, I suspect. I'm also confused by "navigate an iframe" as I suspect some of those steps also need to apply to |
|
This CL introduces a responseStatus field to Performance Resource Timing object. This field is behind a Runtime Enabled Flag. Resource Timing PR : w3c/resource-timing#335 Fetch PR : whatwg/fetch#1468 Bug: 1343293 Change-Id: I60d1b6ba00f055481ca526a490144d88ddaf881b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3754923 Reviewed-by: Noam Rosenthal <nrosenthal@chromium.org> Commit-Queue: Abin Paul <abin.paul1@gmail.com> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/main@{#1040902} NOKEYCHECK=True GitOrigin-RevId: fe7385a80df9cb4f7b7bc07609f3ac8228281541
|
Yeah that seems reasonable. And since we copy request's URL list over to the eventual response we might be able to reuse part of https://fetch.spec.whatwg.org/#concept-request-tainted-origin somehow. (Apologies for taking so long. In the future please bug me on Matrix if I'm not responsive. Or ask the design question there as others might be able to answer as well.) |
|
Have added the |
|
In HTML you have to explicitly add the reference (search for |
annevk
added
the
do not merge yet
|
@annevk Thanks for the pointer. I've opened the HTML PR with the changes. whatwg/html#8405 |
|
@abinpaul1 can you file bugs on Gecko and WebKit? That's the last thing remaining here. |
|
Filed the bugs |
| <li><p>Let <var>responseStatus</var> be 0 if <var>fetchParams</var>'s | ||
| <a for="fetch params">request</a>'s <a for=request>mode</a> is "<code>navigate</code>" and | ||
| <var>response</var>'s <a for=response>has-cross-origin-redirects</a> is true; otherwise | ||
| <var>response</var>'s <a for=response>status</a>. |
There was a problem hiding this comment.
I was about to merge this, but I don't understand how this protects the response status when mode isn't "navigate". Shouldn't we be using the timing allow passed flag in that case?
There was a problem hiding this comment.
As noted in #1468 (comment), wouldn't the response be a filtered response here thereby protecting the response status?
annevk
removed
the
do not merge yet
These changes are to support addition of http response status code to Perfomance resource timing. Further details are available at w3c/resource-timing#335
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff