From 1ff5ac20807221180506f2b49e8a87abbdee6dd8 Mon Sep 17 00:00:00 2001
From: Noam Rosenthal
- As detailed in [=Fetch=], requests for cross-origin resources are
- included as PerformanceResourceTiming objects in the
- Performance
- Timeline. If the timing
- allow check algorithm fails for a cross-origin resource, the
+
+ This section is non-normative.
+
+ If the timing
+ allow check algorithm fails for a cross-origin resource, the
entry will be an [=create an opaque timing info|opaque entry=]. Such
entries have most of their attributes masked in order to prevent
leaking cross-origin data that isn't otherwise exposed. So, for an
@@ -1066,23 +1073,45 @@
Cross-origin Resources
-
+ Introduction
+
+
{{PerformanceResourceTiming/firstInterimResponseStart}},
{{PerformanceResourceTiming/finalResponseHeadersStart}},
{{PerformanceResourceTiming/responseStart}},
- {{PerformanceResourceTiming/secureConnectionStart}},
- {{PerformanceResourceTiming/transferSize}},
- {{PerformanceResourceTiming/encodedBodySize}}, and
- {{PerformanceResourceTiming/decodedBodySize}}. Further, the
- {{PerformanceResourceTiming/nextHopProtocol}} attribute will be set
- to the empty string.
+ {{PerformanceResourceTiming/secureConnectionStart}}. Further, the
+ {{PerformanceResourceTiming/nextHopProtocol}} attribute will be set
+ to the empty string.
- Server-side applications may return the Timing-Allow-Origin - HTTP response header to allow the User Agent to fully expose, to the - document origin(s) specified, the values of attributes that would - have been zero due to those cross-origin restrictions. + Some of the properties, like {{PerformanceResourceTiming/contentType}}, + {{PerformanceResourceTiming/encodedBodySize}}, and + {{PerformanceResourceTiming/decodedBodySize}} are set to zero (or the empty string in the case of + {{PerformanceResourceTiming/contentType}}) when the response is CORS-cross-origin. + + {{PerformanceResourceTiming/transferSize}} is affected both by the timing + allow check and by the CORS-cross-origin status. +
+ ++ For requests handled by a [=service worker=] using {{FetchEvent/respondWith()}}, the reported timing data reflects the + interaction between + the client and the service worker, + rather than the service worker's own internal network activity. + For example, the service worker might respond to a same-origin request with a cross-origin response or vice versa, + or return a cached or synthetic response to either. + Given that, resources forwarded from a service worker do not tell the whole story + of fetching the resource, and do not go through the timing + allow check. + To get the full information about those fetches, the service worker's own performance timeline + can be inspected. [[SERVICE-WORKERS]]
+Timing-Allow-Origin Response Header
+ Server-side applications may return the Timing-Allow-Origin + HTTP response header to allow the User Agent to fully expose, to the + document origin(s) specified, the values of attributes that would + have been zero due to those cross-origin restrictions. +
The Timing-Allow-Origin HTTP response header field can
be used to communicate a policy indicating origin(s) that may be
From 72122db198eee1ef36c1cbc1912afa3b15b3434f Mon Sep 17 00:00:00 2001
From: Noam Rosenthal
+
- Note: the request for a font resource specified with
-
"body", if the request is a result of processing the
[^body^] element's background attribute that's
already obsolete.
-
- "css", if the request is a result of processing a
- CSS url() directive such as @import
- url() or background: url(); [[CSS-VALUES]]
- @font-face in CSS is a result of processing a CSS
- directive. Therefore, the `initiatorType` for this font
- resource is "css".
- @import
+ url() or
+ background: url();
+ [[CSS-VALUES]]
+
+ Note: the request for a font resource specified with
+ @font-face in CSS is a result of processing a CSS
+ directive. Therefore, the `initiatorType` for this font
+ resource is "css".
+
"script", if the request is a result of loading any
@@ -486,8 +487,8 @@ "font", if the request is the result of processing
fonts. This can happen when fonts request subsequent resources,
e.g, when [[[INCREMENTAL_FONT_TRANSFER]]] is used.
- "fetch", if the request is the result of processing
the {{WindowOrWorkerGlobalScope/fetch()}} method;
"embed", if the request is the result of processing
an [^embed^] element's [^embed/src^].
- "link", if the request is the result of processing
- an [^link^] element.
- "object", if the request is the result of processing
- an [^object^] element.
- "early-hints", if the request is the result of
- processing an [[[EARLY_HINTS]]] response.
- "link", if the request is the result of processing
+ an [^link^] element.
+ "object", if the request is the result of processing
+ an [^object^] element.
+ "early-hints", if the request is the result of
+ processing an [[[EARLY_HINTS]]] response.
+ "other", if none of the above conditions match.
The contentEncoding getter steps are to return this's resource - info 's [=response body info/content encoding=]. -
-+ info 's [=response body info/content encoding=]. +
+
The renderBlockingStatus getter steps are to return
blocking if
this's timing
@@ -780,25 +781,25 @@
The workerRouterEvaluationStart getter steps are to return
this's timing
- info's [=fetch timing info/service worker timing info=]'s
+ info
The workerCacheLookupStart getter steps are to return this's timing - info's [=fetch timing info/service worker timing info=]'s + info's [=fetch timing info/service worker timing info=]'s [=service worker timing info/worker cache lookup start=].
The workerMatchedRouterSource getter steps are to return this's timing - info's [=fetch timing info/service worker timing info=]'s + info's [=fetch timing info/service worker timing info=]'s [=service worker timing info/worker matched router source=].
The workerFinalRouterSource getter steps are to return this's timing - info's [=fetch timing info/service worker timing info=]'s + info's [=fetch timing info/service worker timing info=]'s [=service worker timing info/worker final router source=].
@@ -1061,7 +1062,7 @@
- Some of the properties, like {{PerformanceResourceTiming/contentType}}, - {{PerformanceResourceTiming/encodedBodySize}}, and + Some of the properties, like {{PerformanceResourceTiming/contentType}}, + {{PerformanceResourceTiming/encodedBodySize}}, and {{PerformanceResourceTiming/decodedBodySize}} are set to zero (or the empty string in the case of {{PerformanceResourceTiming/contentType}}) when the response is CORS-cross-origin. @@ -1100,6 +1099,15 @@
+ For more details, see HTTP Fetch #4 - the timing + allow check is only performed when there is no response from the service worker. + In addition, the [=response=] cloned in the {{FetchEvent/respondWith()}} algorithm does not carry the [=/fetch timing + info=] + of the internal fetch, as that information is attached to a fetch rather than to a [=response=]. +
"css", if the request is a result of processing a
- CSS url() directive such as @import
- url() or
+ CSS url() directive such as
+ @import
+ url() or
background: url();
[[CSS-VALUES]]
Some of the properties, like {{PerformanceResourceTiming/contentType}}, - {{PerformanceResourceTiming/encodedBodySize}}, and - {{PerformanceResourceTiming/decodedBodySize}} are set to zero (or the empty string in the case of - {{PerformanceResourceTiming/contentType}}) when the response is CORS-cross-origin. + and {{PerformanceResourceTiming/decodedBodySize}} are set to zero (or the empty string in the case of + {{PerformanceResourceTiming/contentType}}) when the response is CORS-cross-origin. - {{PerformanceResourceTiming/transferSize}} is affected both by the timing - allow check and by the CORS-cross-origin status. + {{PerformanceResourceTiming/encodedBodySize}} and {{PerformanceResourceTiming/transferSize}} are affected both by the + timing + allow check and by the CORS-cross-origin status.
From 6e1649a09e97d669959fac57480fc48ed42a1380 Mon Sep 17 00:00:00 2001
From: Noam Rosenthal
"css", if the request is a result of processing a
- CSS url() directive such as
- @import
- url() or
+ CSS url() directive such as @import
+ url() or
background: url();
[[CSS-VALUES]]
Some of the properties, like {{PerformanceResourceTiming/contentType}}, - and {{PerformanceResourceTiming/decodedBodySize}} are set to zero (or the empty string in the case of - {{PerformanceResourceTiming/contentType}}) when the response is CORS-cross-origin. + {{PerformanceResourceTiming/encodedBodySize}}, and + {{PerformanceResourceTiming/decodedBodySize}} are set to zero (or the empty string in the case of + {{PerformanceResourceTiming/contentType}}) when the response is CORS-cross-origin. - {{PerformanceResourceTiming/encodedBodySize}} and {{PerformanceResourceTiming/transferSize}} are affected both by the - timing - allow check and by the CORS-cross-origin status. + {{PerformanceResourceTiming/transferSize}} is affected both by the timing + allow check and by the CORS-cross-origin status.