[resource-timing] nextHopProtocol on iframes should be TAO protected
Implements https://github.com/w3c/resource-timing/pull/224
Bug: 1049510
Change-Id: Id8fc4b3a4de72b6a51c820a2352d88bea65c935f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2047023
Auto-Submit: Yoav Weiss <yoavweiss@chromium.org>
Commit-Queue: Yoav Weiss <yoavweiss@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Ben Kelly <wanderview@chromium.org>
Reviewed-by: Annie Sullivan <sullivan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#740624}
diff --git a/resource-timing/nextHopProtocol-tao-protected.https.html b/resource-timing/nextHopProtocol-tao-protected.https.html
new file mode 100644
index 0000000..1b2b030
--- /dev/null
+++ b/resource-timing/nextHopProtocol-tao-protected.https.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<meta name=timeout content=long>
+<title>Resource Timing - Check that nextHopProtocol is TAO protected</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+</head>
+<body>
+<script>
+
+const addFrame = url => {
+ const iframe = document.createElement("iframe");
+ iframe.src = url;
+ document.body.appendChild(iframe);
+};
+
+const host_info = get_host_info();
+
+// Add iframe to remote origin - page without TAO
+promise_test(t => {
+ return new Promise((resolve, reject) => {
+ const observer = new PerformanceObserver(list => {
+ const entries = list.getEntries();
+ for (entry of entries) {
+ if (entry.name.includes("blank_page_green.htm")) {
+ observer.disconnect();
+ // Observe its performance entry to make sure nextHopProtocol is empty
+ if (entry.nextHopProtocol != "") {
+ reject("nextHopProtocol should be the empty string");
+ }
+ resolve();
+ }
+ }
+ });
+ observer.observe({entryTypes: ["resource"]});
+ addFrame(host_info.HTTPS_REMOTE_ORIGIN + "/resource-timing/resources/blank_page_green.htm");
+ });
+}, "Add TAO-less iframe to remote origin. Make sure nextHopProtocol is the empty string");
+
+// Add iframe to remote origin - page with TAO
+promise_test(t => {
+ return new Promise((resolve, reject) => {
+ const observer = new PerformanceObserver(list => {
+ const entries = list.getEntries();
+ for (entry of entries) {
+ if (entry.name.includes("blank-with-tao.html")) {
+ observer.disconnect();
+ // Observe its performance entry to make sure nextHopProtocol is empty
+ if (entry.nextHopProtocol == "") {
+ reject("nextHopProtocol should not be the empty string");
+ }
+ resolve();
+ }
+ }
+ });
+ observer.observe({entryTypes: ["resource"]});
+ addFrame(host_info.HTTPS_REMOTE_ORIGIN + "/resource-timing/resources/blank-with-tao.html");
+ });
+}, "Add TAO iframe to remote origin. Make sure nextHopProtocol is not the empty string");
+</script>
+</body>
+</html>