workerStart should be gated on same-origin check

[yoavweiss]

Spinoff from w3c/resource-timing#118

workerStart exposes new information, so in the case of navigation redirects it should not be exposed unless all the redirects pass the timing-allow check.

[yoavweiss]

/cc @nhelfman

[yoavweiss]

As discussed in #104, we're moving away from Timing Allow checks towards same-origin checks for Navigation Timing.

[nicjansma]

Addressed in #131.

Note that change does not use the "same-origin check" directly, as that would 0 out workerStart (which only exposes data about the current origin) whenever the navigation starts from another origin. This would make workerStart not very valuable in cases like clicks to a page from a search result page.

The "same-origin check" would also leave this as 0 if there were any cross-origin redirects before the final origin (whether that final origin has redirects or not).

Since workerStart is only information about the final origin, it shouldn't need the same level of protection as the "same-origin check", we just want to make sure workerStart doesn't leak anything about the previous cross origins (e.g. from cross-origin redirects before the final origin).

Instead, we define workerStart as the startup time of the SW for the final origin (and the first request of those if it has redirects).

[noamr]

See #160 and related issues.

[noamr]

Closing. I don't think this issue needs to be handled separately from #160