W3C home > Mailing lists > Public > public-web-perf@w3.org > February 2013

[Resource Timing]Statements about cross-origin redirect should be more clearly

From: Deng, Pan <pan.deng@intel.com>
Date: Mon, 4 Feb 2013 09:11:34 +0000
To: "public-web-perf@w3.org" <public-web-perf@w3.org>
Message-ID: <BA467B16E3516645B35B7BB72D744DBA0FDB09BB@SHSMSX102.ccr.corp.intel.com>
In Section 4.3 about 'redirectStart', 'redirectEnd', CR doc[1]says: "if any of the redirects are not from the same origin as the current document, and the Timing-Allow-Origin HTTP response header rules are met, this attribute must return ......"
What is the meaning of "Timing-Allow-Origin HTTP response header rules are met"?
Consider scenario: doc D req R1 -> R2 -> R3 -> R4. ( "->" : redirect, R4 is the final resource)
It may imply:
a), Any Ri's response timing-allowing-origin D. (apply to any Ri and doc D)
b), R1's response timing-allow-origin D, R2's response timing allow R1... till R4's response timing allow R3. (apply to redirect chain)

>From timing-allow-check algorithm in [2], it can be inferred that a) is the right one.
However, Processing Model 3.19a of [1] says "If the current resource and the resource that is redirected to are not from the same origin, set redirectStart and redirectEnd to 0". Here redirectStart/End should be reset once there is a cross-origin redirect, without Timing-Allow-Origin consideration at all, is it a typo here?

To make the spec more clearly, I suggest a small modification to avoid the inconsistency:
Statement in section 4.3 can be modified to "if any of the redirects are not from the same origin as the current document, and the Timing-Allow-Origin HTTP response header rules are met by current document",
and Processing Model 3.19a can be modified to "current resource and the document are not from same origin, and Timing-Allow-Origin HTTP response header rule is not met by the document, set redirectStart and redirectEnd to 0".
Any idea?

Thanks :)
Pan

[1] http://www.w3.org/TR/2012/CR-resource-timing-20120522/
[2] https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/ResourceTiming/Overview.html#timing-allow-check
Received on Monday, 4 February 2013 09:12:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 4 February 2013 09:12:14 GMT