Fix TimingAllowOrigin in ElementTiming and LargestContentfulPaint

This CL uses the computed timing_allow_passed_ from CORSUrlLoader to
determine the Timing-Allow-Origin checks for the ElementTiming and the
LargestContentfulPaint APIs. This works since OOR-CORS is now enabled
by default.

Bug: 1003943
Change-Id: Id571c5a39b2ef7c7565d3a1560a4b66a03ba7fdd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1992590
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
Cr-Commit-Position: refs/heads/master@{#730206}

content/renderer/loader/web_url_loader_impl.cc

@@ -1021,6 +1021,7 @@ void WebURLLoaderImpl::PopulateURLResponse(
       net::IsCertStatusError(head.cert_status));
   response->SetCTPolicyCompliance(head.ct_policy_compliance);
   response->SetIsLegacyTLSVersion(head.is_legacy_tls_version);
+  response->SetTimingAllowPassed(head.timing_allow_passed);
   response->SetAppCacheID(head.appcache_id);
   response->SetAppCacheManifestURL(head.appcache_manifest_url);
   response->SetWasCached(!head.load_timing.request_start_time.is_null() &&

third_party/blink/public/platform/web_url_response.h

@@ -216,6 +216,7 @@ class WebURLResponse {
   BLINK_PLATFORM_EXPORT void SetHasMajorCertificateErrors(bool);
   BLINK_PLATFORM_EXPORT void SetCTPolicyCompliance(net::ct::CTPolicyCompliance);
   BLINK_PLATFORM_EXPORT void SetIsLegacyTLSVersion(bool);
+  BLINK_PLATFORM_EXPORT void SetTimingAllowPassed(bool);
 
   BLINK_PLATFORM_EXPORT void SetSecurityStyle(SecurityStyle);
 

third_party/blink/renderer/core/paint/image_element_timing.cc

@@ -150,14 +150,8 @@ void ImageElementTiming::NotifyImagePaintedInternal(
   DCHECK(layout_object.GetDocument().GetSecurityOrigin());
   // It's ok to expose rendering timestamp for data URIs so exclude those from
   // the Timing-Allow-Origin check.
-  bool response_tainting_not_basic = false;
-  bool tainted_origin_flag = false;
   if (!url.ProtocolIsData() &&
-      !Performance::PassesTimingAllowCheck(
-          cached_image.GetResponse(), cached_image.GetResponse(),
-          *layout_object.GetDocument().GetSecurityOrigin(),
-          &layout_object.GetDocument(), &response_tainting_not_basic,
-          &tainted_origin_flag)) {
+      !cached_image.GetResponse().TimingAllowPassed()) {
     WindowPerformance* performance =
         DOMWindowPerformance::performance(*GetSupplementable());
     if (performance) {

third_party/blink/renderer/core/paint/largest_contentful_paint_calculator.cc

@@ -121,18 +121,8 @@ void LargestContentfulPaintCalculator::UpdateLargestContentfulPaint(
       return;
 
     const KURL& url = cached_image->Url();
-    auto* document = window_performance_->GetExecutionContext();
-    bool expose_paint_time_to_api = true;
-    bool response_tainting_not_basic = false;
-    bool tainted_origin_flag = false;
-    if (!url.ProtocolIsData() &&
-        (!document ||
-         !Performance::PassesTimingAllowCheck(
-             cached_image->GetResponse(), cached_image->GetResponse(),
-             *document->GetSecurityOrigin(), document,
-             &response_tainting_not_basic, &tainted_origin_flag))) {
-      expose_paint_time_to_api = false;
-    }
+    bool expose_paint_time_to_api =
+        url.ProtocolIsData() || cached_image->GetResponse().TimingAllowPassed();
     const String& image_url =
         url.ProtocolIsData()
             ? url.GetString().Left(ImageElementTiming::kInlineImageMaxChars)

third_party/blink/renderer/platform/exported/web_url_response.cc

@@ -244,6 +244,10 @@ void WebURLResponse::SetIsLegacyTLSVersion(bool value) {
   resource_response_->SetIsLegacyTLSVersion(value);
 }
 
+void WebURLResponse::SetTimingAllowPassed(bool value) {
+  resource_response_->SetTimingAllowPassed(value);
+}
+
 void WebURLResponse::SetSecurityStyle(SecurityStyle security_style) {
   resource_response_->SetSecurityStyle(security_style);
 }

third_party/blink/renderer/platform/loader/fetch/resource_response.h

@@ -282,6 +282,9 @@ class PLATFORM_EXPORT ResourceResponse final {
   bool IsLegacyTLSVersion() const { return is_legacy_tls_version_; }
   void SetIsLegacyTLSVersion(bool value) { is_legacy_tls_version_ = value; }
 
+  bool TimingAllowPassed() const { return timing_allow_passed_; }
+  void SetTimingAllowPassed(bool value) { timing_allow_passed_ = value; }
+
   SecurityStyle GetSecurityStyle() const { return security_style_; }
   void SetSecurityStyle(SecurityStyle security_style) {
     security_style_ = security_style;
@@ -504,6 +507,10 @@ class PLATFORM_EXPORT ResourceResponse final {
   // will be removed in the future.
   bool is_legacy_tls_version_ = false;
 
+  // True if the Timing-Allow-Origin check passes.
+  // https://fetch.spec.whatwg.org/#concept-response-timing-allow-passed
+  bool timing_allow_passed_ = false;
+
   // The time at which the resource's certificate expires. Null if there was no
   // certificate.
   base::Time cert_validity_start_;

third_party/blink/web_tests/TestExpectations

@@ -6766,10 +6766,6 @@ crbug.com/783154 [ Linux Debug ] virtual/audio-service/media/controls/doubletap-
 crbug.com/994692 [ Linux ] compositing/reflections/nested-reflection-anchor-point.html [ Pass Failure ]
 crbug.com/994692 [ Win ] compositing/reflections/nested-reflection-anchor-point.html [ Pass Failure ]
 
-crbug.com/1003943 external/wpt/element-timing/multi-redirect-image.html [ Failure ]
-crbug.com/1003943 virtual/scalefactor200/external/wpt/element-timing/multi-redirect-image.html [ Failure ]
-crbug.com/1003943 virtual/scalefactor200withoutzoom/external/wpt/element-timing/multi-redirect-image.html [ Failure ]
-
 # Video flakily not being being rendered on Mac
 crbug.com/979298 [ Mac ] media/controls/captions-menu-always-visible.html [ Pass Failure ]
 crbug.com/979298 [ Mac ] media/controls/overflow-menu-always-visible.html [ Pass Failure ]

third_party/blink/web_tests/external/wpt/element-timing/multi-redirect-image.html

@@ -18,7 +18,7 @@ async_test(t => {
             + '/resource-timing/resources/multi_redirect.py?';
     destUrl += 'page_origin=' +  get_host_info().HTTP_ORIGIN;
     destUrl += '&cross_origin=' + get_host_info().HTTP_REMOTE_ORIGIN;
-    destUrl += '&final_resource=' + '/images/blue.png';
+    destUrl += '&final_resource=' + '/element-timing/resources/circle.svg';
     destUrl += '&timing_allow=1';
     destUrl += '&tao_steps=';
     for (let taoSteps=0; taoSteps < 4; taoSteps++) {

third_party/blink/web_tests/external/wpt/element-timing/resources/circle.svg.headers

+Timing-Allow-Origin: *

third_party/blink/web_tests/external/wpt/largest-contentful-paint/multi-redirects-TAO.html

+<!DOCTYPE HTML>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>This test validates LargestContenfulPaint information for cross-origin redirect chain images.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/largest-contentful-paint-helpers.js"></script>
+<script src=/common/get-host-info.sub.js></script>
+</head>
+<body>
+<script>
+async_test(t => {
+    if (!window.LargestContentfulPaint) {
+      assert_unreached("LargestContentfulPaint is not implemented");
+    }
+    let destUrl = get_host_info().HTTP_REMOTE_ORIGIN
+            + '/resource-timing/resources/multi_redirect.py?';
+    destUrl += 'page_origin=' +  get_host_info().HTTP_ORIGIN;
+    destUrl += '&cross_origin=' + get_host_info().HTTP_REMOTE_ORIGIN;
+    destUrl += '&final_resource=' + '/element-timing/resources/circle.svg';
+    destUrl += '&timing_allow=1';
+    destUrl += '&tao_steps=';
+
+    const image = document.createElement('img');
+    image.src = destUrl + '0';
+    image.setAttribute('id', 'id');
+    document.body.appendChild(image);
+
+    let numObserved = 0;
+    let beforeLoad = performance.now();
+
+    new PerformanceObserver(t.step_func(entries => {
+        assert_equals(entries.getEntries().length, 1);
+        const entry = entries.getEntries()[0];
+        const options = numObserved === 3 ? [] : ['renderTimeIs0'];
+        checkImage(entry, destUrl + numObserved, 'id', 200 * 200, beforeLoad, options);
+        numObserved++;
+        if (numObserved === 4)
+            t.done();
+        else {
+            // Change the image to trigger a new LCP entry.
+            const img = document.getElementById('id');
+            image.src = destUrl + numObserved;
+            beforeLoad = performance.now();
+        }
+    })).observe({type: 'largest-contentful-paint'});
+}, 'Cross-origin image without TAO should not have its renderTime set, with full TAO it should.');
+</script>
+</body>
+</html>
+