Improve TAO definition #197

Merged
merged 8 commits into from
Feb 11, 2019
103 changes: 45 additions & 58 deletions index.html
Expand Up @@ -376,9 +376,7 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
starts to queue the resource for <a data-cite="FETCH#concept-fetch"
data-lt='fetch'>fetching</a>. If there are HTTP redirects or
<a data-cite="HTML#or-equivalent">equivalent</a> when fetching the
resource, and if all the redirects or equivalent are from the
<a data-cite="RFC6454#section-5">same origin</a> as the current
document or the <a>timing allow check</a> algorithm passes, this
resource, and if the <a>timing allow check</a> algorithm passes, this
attribute MUST return the same value as <a>redirectStart</a>.
Otherwise, this attribute MUST return the same value as
<a>fetchStart</a>.</dd>
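Review bot: The new line "resource, and if the timing allow check algorithm passes, this" has no subject for the check, while every other hunk in this change says "the resource passes the timing allow check algorithm". Suggest "and if the resource passes the timing allow check algorithm" so the wording is the same throughout and it is clear what the algorithm is run against.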
Expand Down Expand Up @@ -506,8 +504,7 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<a data-cite="HTML#or-equivalent" data-lt=
'HTTP response codes equivalence'>equivalent</a> when <a data-cite=
"FETCH#concept-fetch" data-lt='fetch'>fetching</a> the resource and
<strong>all</strong> the redirects or equivalent pass the <a>timing
allow check</a> algorithm.</li>
the resource passes the <a>timing allow check</a> algorithm.</li>
<li>zero, otherwise.</li>
</ol>
<p data-dfn-for="PerformanceResourceTiming">On getting, the
Expand All @@ -518,8 +515,7 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<a data-cite="HTML#or-equivalent" data-lt=
'HTTP response codes equivalence'>equivalent</a> when <a data-cite=
"FETCH#concept-fetch" data-lt='fetch'>fetching</a> the resource and
<strong>all</strong> the redirects or equivalent pass the <a>timing
allow check</a> algorithm.</li>
the resource passes the <a>timing allow check</a> algorithm.</li>
Contributor Author

removed the "all the redirects" reference as it is now implied by passing TAO

<li>zero, otherwise.</li>
</ol>
<p data-dfn-for="PerformanceResourceTiming">On getting, the
Expand All @@ -537,9 +533,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<p data-dfn-for="PerformanceResourceTiming">On getting, the
<dfn>domainLookupStart</dfn> attribute MUST return as follows:</p>
<ol data-link-for="PerformanceResourceTiming">
<li>Zero, if any request in the resource <a
data-cite="FETCH#concept-fetch">fetch</a>'s request-chain (including
redirects) fails the <a>timing allow check</a> algorithm.</li>
<li>Zero, if the resource fails the <a>timing allow check</a>
algorithm.</li>
<li>The same value as <a>fetchStart</a>, if no domain lookup was
required to fetch the resources (e.g. if a <a href=
"https://tools.ietf.org/html/RFC7230#section-6.3">persistent
Expand All @@ -555,9 +550,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<p data-dfn-for="PerformanceResourceTiming">On getting, the
<dfn>domainLookupEnd</dfn> attribute MUST return as follows:</p>
<ol data-link-for="PerformanceResourceTiming">
<li>Zero, if any request in the resource <a
data-cite="FETCH#concept-fetch">fetch</a>'s request-chain (including
redirects) fails the <a>timing allow check</a> algorithm.</li>
<li>Zero, if the resource fails the <a>timing allow check</a>
algorithm.</li>
<li>The same value as <a>fetchStart</a>, if no domain lookup was
required to fetch the resources (e.g. if a <a href=
"https://tools.ietf.org/html/RFC7230#section-6.3">persistent
Expand All @@ -573,9 +567,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<p data-dfn-for="PerformanceResourceTiming">On getting, the
<dfn>connectStart</dfn> attribute MUST return as follows:</p>
<ol data-link-for="PerformanceResourceTiming">
<li>Zero, if any request in the resource <a
data-cite="FETCH#concept-fetch">fetch</a>'s request-chain (including
redirects) fails the <a>timing allow check</a> algorithm.</li>
<li>Zero, if the resource fails the <a>timing allow check</a>
algorithm.</li>
<li>The same value as <a>fetchStart</a>, if a <a data-cite=
"RFC7230#section-6.3">persistent connection</a> [[RFC7230]] is used
or the resource is retrieved from <a data-cite=
Expand All @@ -593,9 +586,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<p data-dfn-for="PerformanceResourceTiming">On getting, the
<dfn>connectEnd</dfn> attribute MUST return as follows:</p>
<ol data-link-for="PerformanceResourceTiming">
<li>Zero, if any request in the resource <a
data-cite="FETCH#concept-fetch">fetch</a>'s request-chain (including
redirects) fails the <a>timing allow check</a> algorithm.</li>
<li>Zero, if the resource fails the <a>timing allow check</a>
algorithm.</li>
<li>The same value as <a>fetchStart</a>, if a <a data-cite=
"RFC7230#section-6.3">persistent connection</a> [[RFC7230]] is used
or the resource is retrieved from <a data-cite=
Expand All @@ -616,10 +608,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<dfn>secureConnectionStart</dfn> attribute MUST return as
follows:</p>
<ol data-link-for="PerformanceResourceTiming">
<li>Zero, if a secure transport is not used or if any request in the
resource <a data-cite="FETCH#concept-fetch">fetch</a>'s request-chain
(including redirects) fails the <a>timing allow check</a> algorithm.
</li>
<li>Zero, if a secure transport is not used or if the resource fails
the <a>timing allow check</a> algorithm.</li>
<li>The same value as <a>fetchStart</a>, if a <a data-cite=
"RFC7230#section-6.3">persistent connection</a> [[RFC7230]] is used
or the resource is retrieved from <a data-cite=
Expand All @@ -634,9 +624,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<li>The time immediately before the user agent starts requesting
the resource from the server, or from <a data-cite=
"HTML#relevant-application-cache">relevant application caches</a>
or from local resources, if all requests in the resource <a data-cite=
"FETCH#concept-fetch">fetch</a>'s request-chain (including redirects)
pass the <a>timing allow check</a> algorithm.
or from local resources, if the resource passes the <a>timing allow
check</a> algorithm.
<p>If the transport connection fails after a request is sent and
the user agent reopens a connection and resend the request,
<a data-link-for="PerformanceResourceTiming">requestStart</a> MUST
Expand Down Expand Up @@ -664,10 +653,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
receives the first byte of the response (e.g. frame header bytes
for HTTP/2, or response status line for HTTP/1.x) from
<a data-cite="HTML#relevant-application-cache">relevant application
caches</a>, or from local resources or from the server if all
requests in the resource <a data-cite= "FETCH#concept-fetch">fetch</a>'s
request-chain (including redirects) pass the <a>timing allow check</a>
algorithm.</li>
caches</a>, or from local resources or from the server, if the
resource passes the <a>timing allow check</a> algorithm.</li>
<li>zero, otherwise.</li>
</ol>
<aside class="note">
Expand Down Expand Up @@ -703,10 +690,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
<li>the size, in octets received from a <a data-cite=
"FETCH#http-network-fetch">HTTP-network fetch</a>, consumed by the
response header fields and the response <a data-cite=
"RFC7230#section-3.3">payload body</a> [[RFC7230]] if all
requests in the resource <a data-cite= "FETCH#concept-fetch">fetch</a>'s
request-chain (including redirects) pass the <a>timing allow check</a>
algorithm.
"RFC7230#section-3.3">payload body</a> [[RFC7230]], if the
resource passes the <a>timing allow check</a> algorithm.
<p>If there are HTTP redirects or <a data-cite="HTML#or-equivalent"
data-lt='HTTP response codes equivalence'>equivalent</a> when
navigating and if all the redirects or equivalent are from the same
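Review bot: The trailing paragraph of this list item still reads "when navigating and if all the redirects or equivalent are from the same", which is the per-redirect same-origin wording this change removes from the other attributes. If redirect handling now lives entirely in the timing allow check algorithm, this paragraph should be reworded or dropped to match; "navigating" also looks out of place in a definition that is about a fetched resource.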
Expand Down Expand Up @@ -741,9 +726,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
"FETCH#http-network-or-cache-fetch">HTTP-network-or-cache</a>
fetch, of the <a data-cite="RFC7230#section-3.3">payload body</a>
[[RFC7230]], prior to removing any applied <a data-cite=
"RFC7231#section-3.1.2.1">content-codings</a> [[RFC7231]], if all
requests in the resource <a data-cite= "FETCH#concept-fetch">fetch</a>'s
request-chain (including redirects) pass the <a>timing allow check</a> algorithm.</li>
"RFC7231#section-3.1.2.1">content-codings</a> [[RFC7231]], if the
resource passes the <a>timing allow check</a> algorithm.</li>
<li>The size, in octets, of the <a data-cite=
"RFC7230#section-3.3">payload body</a> prior to removing any
applied <a data-cite="RFC7231#section-3.1.2.1">content-codings</a>
Expand All @@ -764,9 +748,8 @@ <h3>The <dfn>PerformanceResourceTiming</dfn> Interface</h3>
"FETCH#http-network-or-cache-fetch">HTTP-network-or-cache</a>
fetch, of the <a data-cite="RFC7230#section-3.3">message body</a>
[[RFC7230]], after removing any applied <a data-cite=
"RFC7231#section-3.1.2.1">content-codings</a> [[RFC7231]], if all
requests in the resource <a data-cite= "FETCH#concept-fetch">fetch</a>'s
request-chain (including redirects) pass the <a>timing allow check</a> algorithm.</li>
"RFC7231#section-3.1.2.1">content-codings</a> [[RFC7231]], if the
resource passes the <a>timing allow check</a> algorithm.</li>
<li>The size, in octets, of the <a data-cite=
"RFC7230#section-3.3">payload</a> after removing any applied
<a data-cite="RFC7231#section-3.1.2.1">content-codings</a>, if the
Expand Down Expand Up @@ -933,8 +916,8 @@ <h3>Cross-origin Resources</h3>
<a data-cite=
"PERFORMANCE-TIMELINE-2#performance-timeline">Performance
Timeline</a>. If the <a>timing allow check</a> algorithm fails for
a <a>cross-origin</a> resource, these attributes of its
<a>PerformanceResourceTiming</a> object MUST be set to zero:
a resource, these attributes of its <a>PerformanceResourceTiming</a>
Contributor Author

removed the "cross-origin" wording, as we want the check to run on same-origin resources as well

object MUST be set to zero:
<a>redirectStart</a>, <a>redirectEnd</a>, <a>domainLookupStart</a>,
<a>domainLookupEnd</a>, <a>connectStart</a>, <a>connectEnd</a>,
<a>requestStart</a>, <a>responseStart</a>,
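Review bot: The enclosing section is still titled "Cross-origin Resources", but the changed sentence now applies to any resource that fails the check. Either rename the heading or add a sentence here stating that a same-origin resource with no cross-origin request in its redirect chain passes the check, so readers do not conclude that same-origin responses now need the header to expose these attributes.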
Expand Down Expand Up @@ -968,17 +951,23 @@ <h4><code>Timing-Allow-Origin</code> Response Header</h4>
whether a resource's timing information can be shared with the
<a>current document</a>, is as follows:</p>
<ol>
<li>
<p>If the resource is same origin, return <code>pass</code>.</p>
</li>
<li>
<p>If the <a>Timing-Allow-Origin</a> header value list contains a
case-sensitive match for the value of the <code><a data-cite=
"RFC6454#section-4" data-lt="http-origin">origin</a></code> of the
<a>current document</a>, or a wildcard ("<code>*</code>"), return
<code>pass</code>.</p>
</li>
<li>Return <code>fail</code>.</li>
<li><p>Let <var>tainted</var> be <code>false</code>.</p></li>
<li><p>For each request in the resource <a
data-cite="FETCH#concept-fetch">fetch</a> redirection-chain:</p>
<ol>
<li><p>If the <a>Timing-Allow-Origin</a> header value list
does not contain a value which is byte-for-byte identical to
the <a
data-cite="HTML#ascii-serialisation-of-an-origin">serialization</a>
of the <a>current document</a>'s <a
data-cite="DOM#concept-document-origin">origin</a>, nor a
wildcard ("<code>*</code>"), and the request is
<a>cross-origin</a> or <var>tainted</var> is
<code>true</code>, return <code>fail</code>.</p></li>
<li><p>If the request is <a>cross-origin</a>, set
<var>tainted</var> to <code>true</code>.</p></li>
</ol>
<li><p>Return pass.</p></li>
</ol>
</section>
<section id="sec-iana-considerations">
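Review bot: The condition in the first sub-step of the loop strings together "does not contain ... nor a wildcard, and the request is cross-origin or tainted is true" in one sentence, so a reader cannot tell whether "and" or "or" binds tighter. If the intended reading is "no match AND (cross-origin OR tainted)", split it into two sub-steps: first skip the header test when the request is same origin and tainted is false, then return fail when the header list has neither the serialized origin nor the wildcard. The loop also reads the Timing-Allow-Origin header from "each request", although the section title calls it a response header, so it should say the response to each request, and "redirection-chain" is used without a definition or link. Smaller points: the li that holds the nested ol is never closed before the final li, and "Return pass." lost the code markup that "fail" still has.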
Expand Down Expand Up @@ -1008,7 +997,7 @@ <h3>Processing Model</h3>
<figcaption>This figure illustrates the timing attributes defined
by the <a>PerformanceResourceTiming</a> interface. Attributes in
parenthesis indicate that they may not be available if the resource
does not pass the <a>timing allow check</a> algorithm.</figcaption>
fails the <a>timing allow check</a> algorithm.</figcaption>
<!-- Source: https://docs.google.com/document/d/1I7XGNJ57Qgjkg9pL11s7MK7zGEcwAgdNj1W5f7NKbW8/ -->
<img src="timestamp-diagram.svg" alt="Resource Timing attributes"
style='margin-top: 1em'></figure>
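Review bot: The caption still says the parenthesised attributes "may not be available" when the check fails, while the normative text in this change says they MUST be set to zero. Suggest wording the caption the same way, for example "are set to zero if the resource fails the timing allow check algorithm", and fixing "parenthesis" to "parentheses" while this sentence is being touched.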
Expand Down Expand Up @@ -1066,10 +1055,8 @@ <h3>Processing Model</h3>
reuse the data from another existing or completed <a data-cite=
"FETCH#concept-fetch">fetch</a> initiated from the <a>current
document</a></dfn>, abort the remaining steps.</li>
<li>If any request in the resource <a
data-cite="FETCH#concept-fetch">fetch</a>'s request-chain (including
redirects) fails the <a>timing allow check</a> algorithm, the user
agent MUST set <a>redirectStart</a>, <a>redirectEnd</a>,
<li>If the resource fails the <a>timing allow check</a> algorithm, the
user agent MUST set <a>redirectStart</a>, <a>redirectEnd</a>,
<a>domainLookupStart</a>, <a>domainLookupEnd</a>, <a>connectStart</a>,
<a>connectEnd</a>, <a>requestStart</a>, <a>responseStart</a> and
<a>secureConnectionStart</a> to zero and go to step <a href=
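Review bot: This step zeroes the nine timing attributes listed here on a failed check, but the size definitions changed earlier in this diff (the "size, in octets" items) are also gated on the resource passing the timing allow check and are not in this list. Check whether the processing model sets those to zero elsewhere; if not, add them here so the attribute definitions and the processing model agree on what a failed check hides.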