204375 2019-11-19 14:09:53 -0800 Fix Timing-Allow-Origin check in ResourceTiming 2019-11-22 16:05:12 -0800 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified NEW InRadar P2 Normal --- 1 npm webkit-unassigned achristensen webkit-bug-importer oldest_to_newest 1591693 0 npm 2019-11-19 14:09:53 -0800 In https://github.com/web-platform-tests/wpt/pull/20320 I added a test to check the behavior landing in https://github.com/whatwg/fetch/pull/955. Essentially there are two changes: Same-origin check is replaced with 'response tainting' from Fetch. When Fetch's 'tainted origin flag' is set, having a TAO header equal to the request origin is not a valid way to pass the TAO check (instead, requires '*' or 'null'). Use https://wpt.fyi/results/resource-timing/crossorigin-sandwich-TAO.sub.html?label=master&label=experimental to know whether this passes on Safari (probably doesn't but hasn't loaded the test yet). 1593088 1 webkit-bug-importer 2019-11-22 16:05:12 -0800 <rdar://problem/57444359>