Hide some navigation timing info when cross-origin redirects are present #7105
Conversation
noamr
force-pushed
the
nav-timing-cors
branch
from
65b5fb1
to
27caec8
Compare
|
Can you restore the PR template for this change, by editing the original post? |
Done |
Exposing connection timing info such as domainLookupStart may expose the fact that a cross-origin redirect has occured, information which should be hidden. This is fixed in whatwg/html#7105, and this modifies the test to account for the new behavior.
Exposing connection timing info such as domainLookupStart may expose the fact that a cross-origin redirect has occured, information which should be hidden. This is fixed in whatwg/html#7105, and this modifies the test to account for the new behavior.
|
To be clear, the template @domenic is referring to is https://github.com/whatwg/html/blob/main/PULL_REQUEST_TEMPLATE.md. I don't see it in OP. |
There was a problem hiding this comment.
@yoavweiss should review this as well or perhaps this should wait for @domenic who I believe reviewed the last round of navigation timing additions.
|
Also, thanks for working on this! |
|
PR preview seems to be failing with a build error. Are you able to build this locally? |
It builds locally, I rebased on forced push with hope. |
noamr
force-pushed
the
nav-timing-cors
branch
from
67257bd
to
4dc9d8f
Compare
Yea, this depends on whatwg/fetch#1309. |
|
Trying to figure out whether exposing Also, in that case, So I think we should either go with this (hiding all TAO-protected info when cross-origin redirects are present), or also expose If we choose to keep the current behavior, I will amend this PR to match it (it needs to special-case @yoavweiss @sefeng211 @npm1 @annevk thoughts? |
|
I think at least in theory a connection can encompass multiple origins (if the certificate is valid for all of them, though not all user agents support this), how does |
It would clamp |
… a cross-origin redirect for PerformanceNavigationTiming r=smaug The actual text for hiding these information is actually missing at the moment. This is the pending PR whatwg/html#7105 which should fix it. In addition to this PR, the obsolete (obsolete, but still accurate) definition for `redirectStart` and `redirectEnd` has specified that when there's a cross-origin redirect, these timings should not be exposed. Obsolete definition: https://w3c.github.io/navigation-timing/#dom-performancetiming-redirectstart Differential Revision: https://phabricator.services.mozilla.com/D127200
… a cross-origin redirect for PerformanceNavigationTiming r=smaug The actual text for hiding these information is actually missing at the moment. This is the pending PR whatwg/html#7105 which should fix it. In addition to this PR, the obsolete (obsolete, but still accurate) definition for `redirectStart` and `redirectEnd` has specified that when there's a cross-origin redirect, these timings should not be exposed. Obsolete definition: https://w3c.github.io/navigation-timing/#dom-performancetiming-redirectstart Differential Revision: https://phabricator.services.mozilla.com/D127200
|
This is on hold until we figure out w3c/navigation-timing#160 |
noamr
force-pushed
the
nav-timing-cors
branch
from
4dc9d8f
to
dbbabf2
Compare
Since w3c/navigation-timing#160 is not close to resolution, for now continuing with this to at least reflect the current implementations. |
When a navigation includes cross-origin redirects, the navigation timing entry should not include information about redirect timing and internal network timing, as that may expose cross-origin timing information. This is already implemented and tested, but has been omitted when refactoring the navigation timing spec into HTML. Closes whatwg#7104
noamr
force-pushed
the
nav-timing-cors
branch
from
dbbabf2
to
a59b8c5
Compare
|
Looking at this again, I don't think it makes sense to TAO-protect anything in navigation timing as long as navigation start is the time origin. The connection info is anyway only relevant to the current origin, and
Looking at this again, I don't think it makes sense to TAO-protect anything in navigation timing as long as navigation start is the time origin. The connection info is anyway only relevant to the current origin, and |
|
Updated PR to send the "has cross origin redirects" info to nav-timing, where the decision to hide In conjunction with w3c/navigation-timing#170 |
|
Closed by w3c/navigation-timing#170 |
When a navigation includes cross-origin redirects, the navigation timing
entry should not include information about redirect timing and internal
network timing, as that may expose cross-origin timing information.
Closes #7104
Depends on whatwg/fetch#1309
[x] At least two implementers are interested (and none opposed):
Part of is already implemented and tested, but has been omitted when refactoring the navigation timing spec into HTML.
[x] Tests already cover this: navigation-timing/test_timing_xserver_redirect.html
…
[] Implementation bugs are filed:
Chrome: 1063370
Firefox: 1733044
Safari: TBD
Will have to close these bugs for now if we agree to keep the status quo, which is what's reflected in this PR.
(See WHATWG Working Mode: Changes for more details.)
/browsing-the-web.html ( diff )
/infrastructure.html ( diff )
/browsing-the-web.html ( diff )
/infrastructure.html ( diff )