[webkit-changes] [WebKit/WebKit] b67af6: Server-Timing data can be read cross-origin
youennf
noreply at github.com
Wed Feb 8 06:20:36 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b67af69609f3209a2a2f72f9ca5c3b03d902df04
https://github.com/WebKit/WebKit/commit/b67af69609f3209a2a2f72f9ca5c3b03d902df04
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-02-08 (Wed, 08 Feb 2023)
Changed paths:
A LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt
A LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html
A LayoutTests/http/wpt/resource-timing/resources/server-timing.py
M Source/WebCore/loader/ResourceTiming.cpp
M Source/WebCore/loader/ResourceTiming.h
M Source/WebCore/loader/ResourceTimingInformation.cpp
Log Message:
-----------
Server-Timing data can be read cross-origin
https://bugs.webkit.org/show_bug.cgi?id=250837
rdar://problem/104427347
Reviewed by Alex Christensen.
For document (iframe, object, embed) loads, the origin of the load is the origin of the URL.
This is same origin by nature.
But the origin we will expose the timing info is the origin of the initiator.
Make sure to recompute the same origin request flag in that case.
* LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt: Added.
* LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html: Added.
* LayoutTests/http/wpt/resource-timing/server-timing.py: Added.
(main):
* Source/WebCore/loader/ResourceTiming.cpp:
(WebCore::ResourceTiming::updateExposure):
* Source/WebCore/loader/ResourceTiming.h:
* Source/WebCore/loader/ResourceTimingInformation.cpp:
(WebCore::ResourceTimingInformation::addResourceTiming):
Canonical link: https://commits.webkit.org/260006@main
More information about the webkit-changes
mailing list