Changeset 288219 in webkit

Timestamp:

Jan 19, 2022 11:37:40 AM (6 months ago)

Author:

commit-queue@webkit.org

Message:

[ResourceTiming] nextHopProtocol is exposed regardless of Timing-Allow-Origin
​https://bugs.webkit.org/show_bug.cgi?id=235294

Patch by Alex Christensen <​achristensen@webkit.org> on 2022-01-19
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

• web-platform-tests/resource-timing/nextHopProtocol-is-tao-protected.https-expected.txt:

Source/WebCore:

Covered by an existing WPT test that starts passing.
This was recently fixed in Chromium in ​https://chromium-review.googlesource.com/c/chromium/src/+/3354335

• page/PerformanceResourceTiming.cpp:

(WebCore::PerformanceResourceTiming::nextHopProtocol const):

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/resource-timing/nextHopProtocol-is-tao-protected.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/resource-timing/nextHopProtocol-tao-protected.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/resource-timing/nextHopProtocol-tao-protected.https-expected.txt (deleted)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/PerformanceResourceTiming.cpp (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2022-01-19  Alex Christensen  <achristensen@webkit.org>
+
+        [ResourceTiming] nextHopProtocol is exposed regardless of Timing-Allow-Origin
+        https://bugs.webkit.org/show_bug.cgi?id=235294
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/resource-timing/nextHopProtocol-is-tao-protected.https-expected.txt:
+
 2022-01-19  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/resource-timing/nextHopProtocol-is-tao-protected.https-expected.txt

@@ -1 +1 @@
 
-FAIL Add TAO-less iframe from remote origin. Make sure nextHopProtocol is the empty string assert_equals: nextHopProtocol should be the empty string expected "" but got "http/1.1"
+PASS Add TAO-less iframe from remote origin. Make sure nextHopProtocol is the empty string
 PASS Add TAO'd iframe from remote origin. Make sure nextHopProtocol is not the empty string
 

trunk/LayoutTests/imported/w3c/web-platform-tests/resource-timing/nextHopProtocol-tao-protected.https-expected.txt

@@ -1 +1 @@
 
 
-FAIL Add TAO-less iframe to remote origin. Make sure nextHopProtocol is the empty string promise_test: Unhandled rejection with value: "nextHopProtocol should be the empty string"
+PASS Add TAO-less iframe to remote origin. Make sure nextHopProtocol is the empty string
 PASS Add TAO iframe to remote origin. Make sure nextHopProtocol is not the empty string
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2022-01-19  Alex Christensen  <achristensen@webkit.org>
+
+        [ResourceTiming] nextHopProtocol is exposed regardless of Timing-Allow-Origin
+        https://bugs.webkit.org/show_bug.cgi?id=235294
+
+        Reviewed by Chris Dumez.
+
+        Covered by an existing WPT test that starts passing.
+        This was recently fixed in Chromium in https://chromium-review.googlesource.com/c/chromium/src/+/3354335
+
+        * page/PerformanceResourceTiming.cpp:
+        (WebCore::PerformanceResourceTiming::nextHopProtocol const):
+
 2022-01-19  Rob Buis  <rbuis@igalia.com>
 

trunk/Source/WebCore/page/PerformanceResourceTiming.cpp

@@ -100 +100 @@
 const String& PerformanceResourceTiming::nextHopProtocol() const
 {
+    if (m_resourceTiming.networkLoadMetrics().failsTAOCheck)
+        return emptyString();
+
     return m_resourceTiming.networkLoadMetrics().protocol;
 }