Consolidate iframe & object resource timing code paths

So far some of the logic in resource timing for subframe navigations iframe/object/embed) was duplicated, e.g. both in blink and in content. This has led to race conditions, inconsistencies and sometimes XSS leaks. This patch attempts to improve the situation by consolidating the code paths: - NavigationRequest receives is_container_initiated, which ensures only container-initiated navigations are reported to the parent. This is a clarification of something that was ambiguous in the spec previously (whatwg/html#8846). It later uses ParentResourceTimingAccess to decide if a navigation should report to its parent with/without response details (status code and mime-type), or not report at all (TAO-fail, not an iframe, not container-initiated). - Both object fallbacks and cancelled navigations (204/205) report to the parent via RenderFrameImpl, and blink converts that to a ResourceTimingInfo object. This allows us to remove the duplicated resource timing creation code in //content. - We report fallback resource timing also for plugin error events and not only for load events. Bug: 1399862 Bug: 1410705 Change-Id: Id37d23cd02eee9e38f812e6f3da99caedafdee3d
web-platform-tests · Feb 19, 2023 · 478c2c4 · 478c2c4
1 parent 96ef577
commit 478c2c4
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/resource-timing/entries-for-object-frame-options-deny.html b/resource-timing/entries-for-object-frame-options-deny.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta charset="utf-8" />
+<meta name="timeout" content="long">
+<link rel="author" title="Noam Rosenthal" href="noam@chromium.org">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/entry-invariants.js"></script>
+</head>
+<body>
+<script>
+const {REMOTE_ORIGIN} = get_host_info();
+
+promise_test(async t => {
+  const success_url = new URL("/resource-timing/resources/object-frame-options-200.asis", REMOTE_ORIGIN).href;
+  const fail_url = new URL("/resource-timing/resources/object-frame-options-403.asis", REMOTE_ORIGIN).href;
+  const load_object = async url => {
+    const object = document.createElement("object");
+    object.data = url;
+    document.body.appendChild(object);
+    t.add_cleanup(() => object.remove());
+    await new Promise(resolve => {
+      object.onload = object.onerror = resolve;
+    });
+  };
+
+  await Promise.all([success_url, fail_url].map(load_object));
+  assert_equals(performance.getEntriesByName(success_url).length, 1);
+  assert_equals(performance.getEntriesByName(fail_url).length, 1);
+}, "Test that object elements with X-Frame-Options: Deny produce resource timing entries");
+</script>
+</body>
+</html>
diff --git a/resource-timing/resources/object-frame-options-200.asis b/resource-timing/resources/object-frame-options-200.asis
@@ -0,0 +1,6 @@
+HTTP/1.0 200 OK
+Content-Type: text/html
+X-Frame-Options: DENY
+Content-Security-Policy: frame-ancestors 'none'
+
+Hello
diff --git a/resource-timing/resources/object-frame-options-403.asis b/resource-timing/resources/object-frame-options-403.asis
@@ -0,0 +1,6 @@
+HTTP/1.0 403 OK
+Content-Type: text/html
+X-Frame-Options: DENY
+Content-Security-Policy: frame-ancestors 'none'
+
+Hello