Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Consolidate iframe & object resource timing code paths
So far some of the logic in resource timing for subframe navigations iframe/object/embed) was duplicated, e.g. both in blink and in content. This has led to race conditions, inconsistencies and sometimes XSS leaks. This patch attempts to improve the situation by consolidating the code paths: - CorsUrlLoader registers redirect end time, and whether subframe navigations should be considered as "cross-origin" for resource timing (both defined in the fetch spec). - NavigationRequest saves is_container_initiated, which ensures only container-initiated navigations are reported to the parent, as specified in the HTML spec (https://html.spec.whatwg.org/#create-navigation-params-by-fetching, #8) - Both object fallbacks and cancelled navigations (204/205) report to the parent via RenderFrameImpl, and blink converts that to a ResourceTimingInfo object. This allows us to remove the duplicated resource timing creation code in //content. - We report fallback resource timing also for plugin error events and not only for load events. Bug: 1399862 Bug: 1410705 Change-Id: Id37d23cd02eee9e38f812e6f3da99caedafdee3d
- Loading branch information