[ResourceTiming] Update TAO-crossorigin-port.sub.html with new style

common/get-host-info.sub.js

@@ -10,6 +10,8 @@ function get_host_info() {
   var HTTPS_PORT2 = '{{ports[https][1]}}';
   var PROTOCOL = self.location.protocol;
   var IS_HTTPS = (PROTOCOL == "https:");
+  var PORT = IS_HTTPS ? HTTPS_PORT : HTTP_PORT;
+  var PORT2 = IS_HTTPS ? HTTPS_PORT2 : HTTP_PORT2;
   var HTTP_PORT_ELIDED = HTTP_PORT == "80" ? "" : (":" + HTTP_PORT);
   var HTTP_PORT2_ELIDED = HTTP_PORT2 == "80" ? "" : (":" + HTTP_PORT2);
   var HTTPS_PORT_ELIDED = HTTPS_PORT == "443" ? "" : (":" + HTTPS_PORT);
@@ -24,6 +26,8 @@ function get_host_info() {
     HTTP_PORT2: HTTP_PORT2,
     HTTPS_PORT: HTTPS_PORT,
     HTTPS_PORT2: HTTPS_PORT2,
+    PORT: PORT,
+    PORT2: PORT2,
     ORIGINAL_HOST: ORIGINAL_HOST,
     REMOTE_HOST: REMOTE_HOST,
 

resource-timing/TAO-port-mismatch-means-crossorigin.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>TAO - port mismatch must fail the check</title>
+<link rel="author" title="Google" href="http://www.google.com/" />
+<link rel="help" href="https://www.w3.org/TR/resource-timing-2/#sec-timing-allow-origin"/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/entry-invariants.js"></script>
+<script>
+
+const {ORIGINAL_HOST, PORT, PORT2} = get_host_info();
+
+// The main page is being requested on the default port (PORT), while the
+// subresource will be requested on a separate port (PORT2). The response will
+// have a Timing-Allow-Origin header value with the second port so this page's
+// origin should not be a match.
+const port_mismatch_url = `${location.protocol}//${ORIGINAL_HOST}:${PORT2}` +
+                          `/resource-timing/resources/TAOResponse.py?` +
+                          `tao=origin_port_${PORT2}`;
+attribute_test(
+  fetch, port_mismatch_url, invariants.assert_tao_failure_resource,
+  "A port mismatch must fail the TAO check");
+
+// The same URL as above except the Timing-Allow-Origin header will have the
+// same port as this page's origin. Therefore, this page's origin will match
+// the Timing-Allow-Origin header's value. Therefore, the subresource's timings
+// must be exposed.
+const port_match_url = `${location.protocol}//${ORIGINAL_HOST}:${PORT2}` +
+                       `/resource-timing/resources/TAOResponse.py?` +
+                       `tao=origin_port_${PORT}`;
+attribute_test(
+  fetch, port_match_url, invariants.assert_tao_pass_no_redirect,
+  "An identical port must pass the TAO check");
+
+</script>
+</head>
+<body>
+<h1>Description</h1>
+<p>This test validates that for a cross origin resource with different ports,
+the timing allow check algorithm will fail when the value of
+Timing-Allow-Origin value has the right host but the wrong port in it.</p>
+</body>
+</html>

resource-timing/resources/entry-invariants.js

@@ -165,7 +165,32 @@ const invariants = {
 
     assert_equals(entry.fetchStart, entry.startTime,
       "fetchStart must equal startTime");
+  },
+
+  assert_tao_failure_resource: entry => {
+    assert_equals(entry.entryType, "resource", "entryType must always be 'resource'");
+
+    assert_positive_(entry, [
+      "startTime",
+      "duration",
+    ]);
+
+    assert_zeroed_(entry, [
+      "redirectStart",
+      "redirectEnd",
+      "domainLookupStart",
+      "domainLookupEnd",
+      "connectStart",
+      "connectEnd",
+      "secureConnectionStart",
+      "requestStart",
+      "responseStart",
+      "transferSize",
+      "encodedBodySize",
+      "decodedBodySize",
+    ]);
   }
+
 };
 
 const attribute_test_internal = (loader, path, validator, run_test, test_label) => {