RE: [Resource Timing]Statements about cross-origin redirect should be more clearly from Jatinder Mann on 2013-04-09 (public-web-perf@w3.org from April 2013)

From: Jatinder Mann <jmann@microsoft.com>
Date: Tue, 9 Apr 2013 23:49:36 +0000
To: "Deng, Pan" <pan.deng@intel.com>, "public-web-perf@w3.org" <public-web-perf@w3.org>
Message-ID: <c219d04e2c204d5cbd9712ea5a774f22@BY2PR03MB074.namprd03.prod.outlook.com>

Pan,

I noticed that you are referring to the May 2012 CR version of the spec below. If you look at the latest Editor's draft, https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/ResourceTiming/Overview.html, I had previously made spec changes to clarify the "timing allow check" algorithm.

I went ahead and made some more clarifications to both the redirectStart and redirectEnd definitions in Section 4.3 and the processing model step 3.19a in Section 5.1 based on your feedback. Let me know if this spec text helps resolve your concerns.

Thanks,
Jatinder

From: Deng, Pan [mailto:pan.deng@intel.com]
Sent: Monday, April 1, 2013 2:10 AM
To: Jatinder Mann; public-web-perf@w3.org
Subject: RE: [Resource Timing]Statements about cross-origin redirect should be more clearly

Retrieve this thread as it is cold.
I think the proposed clarification will clear the usage for browser/web developer, and it won't change intended meaning of Resource Timing spec, any comments? :)

Thanks
Pan

From: Deng, Pan [mailto:pan.deng@intel.com]
Sent: Monday, February 04, 2013 5:12 PM
To: public-web-perf@w3.org<mailto:public-web-perf@w3.org>
Subject: [Resource Timing]Statements about cross-origin redirect should be more clearly

In Section 4.3 about 'redirectStart', 'redirectEnd', CR doc[1]says: "if any of the redirects are not from the same origin as the current document, and the Timing-Allow-Origin HTTP response header rules are met, this attribute must return ......"
What is the meaning of "Timing-Allow-Origin HTTP response header rules are met"?
Consider scenario: doc D req R1 -> R2 -> R3 -> R4. ( "->" : redirect, R4 is the final resource)
It may imply:
a), Any Ri's response timing-allowing-origin D. (apply to any Ri and doc D)
b), R1's response timing-allow-origin D, R2's response timing allow R1... till R4's response timing allow R3. (apply to redirect chain)

>From timing-allow-check algorithm in [2], it can be inferred that a) is the right one.
However, Processing Model 3.19a of [1] says "If the current resource and the resource that is redirected to are not from the same origin, set redirectStart and redirectEnd to 0". Here redirectStart/End should be reset once there is a cross-origin redirect, without Timing-Allow-Origin consideration at all, is it a typo here?

To make the spec more clearly, I suggest a small modification to avoid the inconsistency:
Statement in section 4.3 can be modified to "if any of the redirects are not from the same origin as the current document, and the Timing-Allow-Origin HTTP response header rules are met by current document",
and Processing Model 3.19a can be modified to "current resource and the document are not from same origin, and Timing-Allow-Origin HTTP response header rule is not met by the document, set redirectStart and redirectEnd to 0".
Any idea?

Thanks :)
Pan

[1] http://www.w3.org/TR/2012/CR-resource-timing-20120522/
[2] https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/ResourceTiming/Overview.html#timing-allow-check

Received on Tuesday, 9 April 2013 23:50:45 UTC