Guard TimingAllowPassed() usage on OutOfBlinkCors flag

Currently, the TimingAllowPassed() check is used regardless of whether the OutOfBlinkCors flag is enabled or not. However, the check is only computed when the flag is enabled, so in this CL we revert back to the old behavior from before when the flag is disabled. See related change: https://chromium-review.googlesource.com/c/chromium/src/+/1992590 Bug: 1003943, 1042580 Change-Id: Ifafbae93aaa58166fbb8007d30a3f18620029b16 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2003754 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#733029}

Guard TimingAllowPassed() usage on OutOfBlinkCors flag
Currently, the TimingAllowPassed() check is used regardless of whether the OutOfBlinkCors flag is enabled or not. However, the check is only computed when the flag is enabled, so in this CL we revert back to the old behavior from before when the flag is disabled. See related change: https://chromium-review.googlesource.com/c/chromium/src/+/1992590 Bug: 1003943, 1042580 Change-Id: Ifafbae93aaa58166fbb8007d30a3f18620029b16 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2003754 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#733029}
f7a90124 · Nicolás Peña Moreno · Commit Bot · 0bc34221 · f7a90124 · f7a90124
Commit f7a90124 authored Jan 17, 2020 by Nicolás Peña Moreno Committed by Commit Bot Jan 17, 2020
2 changed files
--- a/third_party/blink/renderer/core/paint/image_element_timing.cc
+++ b/third_party/blink/renderer/core/paint/image_element_timing.cc
@@ -150,18 +150,35 @@ void ImageElementTiming::NotifyImagePaintedInternal(
  DCHECK(layout_object.GetDocument().GetSecurityOrigin());
  // It's ok to expose rendering timestamp for data URIs so exclude those from
  // the Timing-Allow-Origin check.
-  if (!url.ProtocolIsData() &&
-      !cached_image.GetResponse().TimingAllowPassed()) {
-    WindowPerformance* performance =
-        DOMWindowPerformance::performance(*GetSupplementable());
-    if (performance) {
-      // Create an entry with a |startTime| of 0.
-      performance->AddElementTiming(
-          ImagePaintString(), url.GetString(), intersection_rect,
-          base::TimeTicks(), load_time, attr,
-          cached_image.IntrinsicSize(respect_orientation), id, element);
+  if (!url.ProtocolIsData()) {
+    bool timing_allow_check = false;
+    // Use the TimingAllowPassed() check from the response if OutOfBlinkCors is
+    // enabled. If it is not enabled then that flag is not computed, so use to
+    // the single PassesTimingAllowCheck(), which is incorrect because it does
+    // not check the full redirect chain. See crbug.com/1003943.
+    if (RuntimeEnabledFeatures::OutOfBlinkCorsEnabled()) {
+      timing_allow_check = cached_image.GetResponse().TimingAllowPassed();
+    } else {
+      bool response_tainting_not_basic = false;
+      bool tainted_origin_flag = false;
+      timing_allow_check = Performance::PassesTimingAllowCheck(
+          cached_image.GetResponse(), cached_image.GetResponse(),
+          *layout_object.GetDocument().GetSecurityOrigin(),
+          &layout_object.GetDocument(), &response_tainting_not_basic,
+          &tainted_origin_flag);
+    }
+    if (!timing_allow_check) {
+      WindowPerformance* performance =
+          DOMWindowPerformance::performance(*GetSupplementable());
+      if (performance) {
+        // Create an entry with a |startTime| of 0.
+        performance->AddElementTiming(
+            ImagePaintString(), url.GetString(), intersection_rect,
+            base::TimeTicks(), load_time, attr,
+            cached_image.IntrinsicSize(respect_orientation), id, element);
+      }
+      return;
    }
-    return;
  }

  // If the image URL is a data URL ("data:image/..."), then the |name| of the

--- a/third_party/blink/renderer/core/paint/largest_contentful_paint_calculator.cc
+++ b/third_party/blink/renderer/core/paint/largest_contentful_paint_calculator.cc
@@ -121,8 +121,24 @@ void LargestContentfulPaintCalculator::UpdateLargestContentfulPaint(
      return;

    const KURL& url = cached_image->Url();
-    bool expose_paint_time_to_api =
-        url.ProtocolIsData() || cached_image->GetResponse().TimingAllowPassed();
+    bool expose_paint_time_to_api = url.ProtocolIsData();
+    // Use TimingAllowPassed() if possible, see comment in ImageElementTiming.
+    if (!expose_paint_time_to_api) {
+      if (RuntimeEnabledFeatures::OutOfBlinkCorsEnabled()) {
+        expose_paint_time_to_api =
+            cached_image->GetResponse().TimingAllowPassed();
+      } else {
+        auto* document = window_performance_->GetExecutionContext();
+        bool response_tainting_not_basic = false;
+        bool tainted_origin_flag = false;
+        expose_paint_time_to_api =
+            document &&
+            Performance::PassesTimingAllowCheck(
+                cached_image->GetResponse(), cached_image->GetResponse(),
+                *document->GetSecurityOrigin(), document,
+                &response_tainting_not_basic, &tainted_origin_flag);
+      }
+    }
    const String& image_url =
        url.ProtocolIsData()
            ? url.GetString().Left(ImageElementTiming::kInlineImageMaxChars)