[Resource Timing] Align TAO parsing to spec

TAO parsing had two issues: * It was splitting the host values on whitespace rather than a comma. This used to be the specified behavior, but changed in https://github.com/w3c/resource-timing/pull/68 * When it was checking the different hosts in the host list, it was not checking for "*" as a possible value. This CL fixes those two issues and aligns the test expectations accordingly. Bug: 651861, 833032, 626703 Change-Id: I8a3b7e705ed7089719ad0f52607363392c7de934 Reviewed-on: https://chromium-review.googlesource.com/1013409Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Commit-Queue: Yoav Weiss <yoav@yoav.ws> Cr-Commit-Position: refs/heads/master@{#552127}

[Resource Timing] Align TAO parsing to spec
TAO parsing had two issues: * It was splitting the host values on whitespace rather than a comma. This used to be the specified behavior, but changed in https://github.com/w3c/resource-timing/pull/68 * When it was checking the different hosts in the host list, it was not checking for "*" as a possible value. This CL fixes those two issues and aligns the test expectations accordingly. Bug: 651861, 833032, 626703 Change-Id: I8a3b7e705ed7089719ad0f52607363392c7de934 Reviewed-on: https://chromium-review.googlesource.com/1013409Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Commit-Queue: Yoav Weiss <yoav@yoav.ws> Cr-Commit-Position: refs/heads/master@{#552127}
d65176dd · Yoav Weiss · Commit Bot · c976e6be · d65176dd · c976e6be
Commit d65176dd authored Apr 19, 2018 by Yoav Weiss Committed by Commit Bot Apr 19, 2018
13 changed files
--- a/third_party/WebKit/LayoutTests/TestExpectations
+++ b/third_party/WebKit/LayoutTests/TestExpectations
@@ -2140,12 +2140,6 @@ crbug.com/705125 fast/mediacapturefromelement/CanvasCaptureMediaStream-capture-o
 # Skip the non-virtualized CORS-RFC1918 tests:
 crbug.com/763830 http/tests/security/cors-rfc1918/ [ Skip ]
-# This test has a failure console message with specific performance
-# numbers so a consistent baseline cannot be added. This test could be
-# imported if the test passed or if the results for testharness tests
-# were matched on pass/fail but not exact error messages.
-crbug.com/626703 external/wpt/resource-timing/resource_TAO_space.htm [ Pass Failure ]
 crbug.com/822757 external/wpt/resource-timing/resource_initiator_types.html [ Pass Failure ]
 # Working on getting the CSP tests going:

--- a/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resource_TAO_match_origin-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resource_TAO_match_origin-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should NOT be all returned as 0 when the Timing-Allow-Origin header value list contains a case-sensitive match for the value of the origin of the current document and TAO algorithm passes assert_true: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should NOT be all returned as 0 when the Timing-Allow-Origin header value list contains a case-sensitive match for the value of the origin of the current document and TAO algorithm passes expected true got false
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resource_TAO_match_wildcard-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resource_TAO_match_wildcard-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should NOT be all returned as 0 when the Timing-Allow-Origin header value list contains a wildcard ("*") and TAO algorithm passes assert_true: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should NOT be all returned as 0 when the Timing-Allow-Origin header value list contains a wildcard ("*") and TAO algorithm passes expected true got false
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resource_TAO_multi-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resource_TAO_multi-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should not be all returned as 0 when the HTTP response has multiple Timing-Allow-Origin header fields and the subsequent field value is separated by a comma, i.e. TAO algorithm passes assert_true: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should not be all returned as 0 when the HTTP response has multiple Timing-Allow-Origin header fields and the subsequent field value is separated by a comma, i.e. TAO algorithm passes expected true got false
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resources/TAOResponse.py
+++ b/third_party/WebKit/LayoutTests/external/wpt/resource-timing/resources/TAOResponse.py
@@ -20,19 +20,19 @@ def main(request, response):
    # space seperated list of origin and wildcard, fail
        response.headers.set('Timing-Allow-Origin', (origin + ' *'))
    elif tao == 'multi':
-    # more than one TAO values, seperated by common, pass
+    # more than one TAO values, seperated by comma, pass
        response.headers.set('Timing-Allow-Origin', origin)
        response.headers.append('Timing-Allow-Origin', '*')
    elif tao == 'match_origin':
-    # contains a match of origin, seperated by common, pass
+    # contains a match of origin, seperated by comma, pass
        response.headers.set('Timing-Allow-Origin', origin)
        response.headers.append('Timing-Allow-Origin', "fake")
    elif tao == 'match_wildcard':
-    # contains a wildcard, seperated by common, pass
+    # contains a wildcard, seperated by comma, pass
        response.headers.set('Timing-Allow-Origin', "fake")
        response.headers.append('Timing-Allow-Origin', '*')
    elif tao == 'uppercase':
    # non-case-sensitive match for origin, fail
        response.headers.set('Timing-Allow-Origin', origin.upper())
    else:
        pass
\ No newline at end of file
--- a/third_party/WebKit/LayoutTests/platform/linux/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/linux/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 69.64500000000001
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/platform/mac-mac10.10/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/mac-mac10.10/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 70.12500000000001
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/platform/mac-mac10.11/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/mac-mac10.11/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 65.33500000000001
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/platform/mac-retina/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/mac-retina/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 90.58
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/platform/mac/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/mac/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 63.47000000000001
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/platform/win/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/win/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 77.16000000000001
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/platform/win7/external/wpt/resource-timing/resource_TAO_space-expected.txt
+++ b/third_party/WebKit/LayoutTests/platform/win7/external/wpt/resource-timing/resource_TAO_space-expected.txt
-This is a testharness.js-based test.
-PASS window.performance is defined
-PASS window.performance.getEntriesByType is defined
-FAIL redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list assert_equals: redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should be all returned as 0 when the Timing-Allow-Origin header value of the HTTP response is a space separated origin/wildcard list expected 0 but got 87.61000000000001
-Harness: the test ran to completion.
--- a/third_party/blink/renderer/core/timing/performance.cc
+++ b/third_party/blink/renderer/core/timing/performance.cc
@@ -280,21 +280,29 @@ bool Performance::PassesTimingAllowCheck(
      EqualIgnoringASCIICase(timing_allow_origin_string, "null"))
    return false;
+  // The condition below if only needed for use-counting purposes.
  if (timing_allow_origin_string == "*") {
    UseCounter::Count(context, WebFeature::kStarInTimingAllowOrigin);
    return true;
  }
+  // TODO(yoav): Use CommaDelimitedHeaderSet instead of this one-off parsing
+  // algorithm.
  const String& security_origin = initiator_security_origin.ToString();
  Vector<String> timing_allow_origins;
-  timing_allow_origin_string.GetString().Split(' ', timing_allow_origins);
+  timing_allow_origin_string.GetString().Split(',', timing_allow_origins);
-  if (timing_allow_origins.size() > 1)
+  if (timing_allow_origins.size() > 1) {
    UseCounter::Count(context, WebFeature::kMultipleOriginsInTimingAllowOrigin);
-  else if (timing_allow_origins.size() == 1)
+  } else if (timing_allow_origins.size() == 1 &&
+             timing_allow_origin_string != "*") {
    UseCounter::Count(context, WebFeature::kSingleOriginInTimingAllowOrigin);
+  }
  for (const String& allow_origin : timing_allow_origins) {
-    if (allow_origin == security_origin)
+    const String allow_origin_stripped = allow_origin.StripWhiteSpace();
+    if (allow_origin_stripped == security_origin ||
+        allow_origin_stripped == "*") {
      return true;
+    }
  }
  return false;