Add ability to prime URL metrics

[b1ink0]

Summary

Fixes #1311

Relevant technical choices

This PR introduces a new mechanism for priming URL metrics across the site. It uses a newly added submenu page in the Tools menu and automatically primes URL metrics when a post is saved in the block editor.

Demos

Settings page with debugging off:

Settings.Page.mp4

Settings page with debugging on:

Settings.Page.With.Debug.mp4

Saving post in Block Editor:

Block.Editor.mp4

[codecov]

Codecov Report

Attention: Patch coverage is 16.50485% with 258 lines in your changes missing coverage. Please review.

Project coverage is 64.43%. Comparing base (e845dd8) to head (969f6b5).
Report is 38 commits behind head on trunk.

Files with missing lines	Patch %	Lines
plugins/optimization-detective/helper.php	1.07%	184 Missing ⚠️
...lugins/optimization-detective/storage/rest-api.php	50.00%	49 Missing ⚠️
plugins/optimization-detective/settings.php	0.00%	24 Missing ⚠️
plugins/optimization-detective/load.php	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##            trunk    #1850      +/-   ##
==========================================
- Coverage   66.36%   64.43%   -1.94%     
==========================================
  Files          88       89       +1     
  Lines        6975     7318     +343     
==========================================
+ Hits         4629     4715      +86     
- Misses       2346     2603     +257     

Flag	Coverage Δ
multisite	64.43% <16.50%> (-1.94%)	⬇️
single	35.73% <0.00%> (-1.76%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[b1ink0]

Authentication for REST API

• WP Nonce Limitation: The default WordPress (WP) nonce does not function correctly when generated for the parent page and then passed to an iframe for REST API requests.

• Custom Token Authentication: To address this, I have added a custom token-based authentication mechanism. This generates a time-limited token used to authenticate REST API requests made via the iframe.

In #1835 PR, WP nonces are introduced for REST API requests for logged-in users. This may allow us to eliminate the custom token authentication if URL metrics are collected exclusively from logged-in users.

[b1ink0]

Currently if the IFRAME shares the same origin as the parent, then it allows it to access the parent session. This ensures that the user session in the page loaded within the iframe (which is a frontend page) matches the logged-in user of the WordPress dashboard.

But if the WordPress admin dashboard and the frontend have different origins, WP nonces won’t work for REST API authentication because the iframe will not recognize the logged-in session. As the different origin does not allow iframe to access parents session. For context I am talking about the REST nonce introduced in #1835.

[b1ink0]

As the detect.js requires the iframe to be visible in the viewport to resolve the onLCP promise. Traditional methods like moving the iframe off-screen using translate, setting visibility: hidden, or opacity: 0 cause the promise to hang.

performance/plugins/optimization-detective/detect.js

Lines 496 to 503 in 6ca5c4b

	// Obtain at least one LCP candidate. More may be reported before the page finishes loading.
	await new Promise( ( resolve ) => {
	onLCP(
	( /** @type LCPMetric */ metric ) => {
	lcpMetricCandidates.push( metric );
	resolve();
	},
	{

I am using a workaround using the following CSS to keep the iframe minimally visible and functional:

  position: fixed;
  top: 0px;
  left: 0px;
  transform: scale(0.05);
  transform-origin: 0px 0px;
  pointer-events: none;
  opacity: 1e-6;
  z-index: -9999;

[b1ink0]

Parent and IFRAME communication is handled via postMessage. A message is sent to the parent, and the promise resolves immediately.

If the promise isn't resolved immediately, navigating to a new URL causes the code following the promise to never execute. This is because changing the iframe.src does not trigger events like pagehide, pageswap, or visibilitychange.

performance/plugins/optimization-detective/detect.js

Lines 568 to 569 in 6ca5c4b

	// Wait for the page to be hidden.
	await new Promise( ( resolve ) => {

[westonruter]

I wonder. Do we even need to post a message here? As soon as the iframe is destroyed won't it automatically cause the URL Metric to be sent, right?

[b1ink0]

The problem is we need to signal the parent that we can move to next URL or breakpoint using postMessage as the load event can't be used. Check this comment for detailed explanation #1850 (comment) .

Will it makes sense to send the postMessage after the navigator.sendBeacon then?

[westonruter]

Yes, I think it makes sense to send the message after the beacon is sent, definitely.

[b1ink0]

Currently I have only added one button which can start/pause/resume URL metrics priming and a progress bar indicating the current batch's progress.

ui.mp4

I would like to get suggestions on the UI to improve it.

[b1ink0]

I have added a batch function with a cursor mechanism to fetch URLs in manageable chunks. The current default batch size is set to 10, which seems too low. I would like to get suggestion on optimal batch size.

This function also got complex because of the need of handling multiple layers, including providers, provider subtypes, and pages of each subtype for batching.

[b1ink0]

Since WP sitemaps only provide post URLs, a custom WHERE clause was needed to be added to WP_Query to filter out URLs that are already primed. This is done based on the post_title.

[b1ink0]

Currently, the helper function and REST API endpoints has been added to existing files. Should we consider moving it to a new folder named admin for better organization?

[b1ink0]

What would be the good naming conventions for these helper function for priming URLs?

[westonruter]

Instead of this, what about listening to the load event on the iframe?

[b1ink0]

The reason is that the load event fires when the document has been fully processed. However, load does not wait for the async and await operations used in detect.js. From my testing, I found that the detect function gets stuck on await import(webVitalsLibrarySrc), waiting for the promise to resolve. However, before this promise is fulfilled, the load event is triggered, causing the IFRAME to navigate to the next URL or a breakpoint change. Changing the IFRAME's src destroys the JavaScript execution, preventing the code from progressing past await import(webVitalsLibrarySrc). Because of this reason I have used the postMessage for communication.

[westonruter]

That makes sense, yes. In fact, the plugin explicitly waits for load event to even start doing anything:

performance/plugins/optimization-detective/detect.js

Lines 416 to 423 in e845dd8

	// Wait until the resources on the page have fully loaded.
	await new Promise( ( resolve ) => {
	if ( doc.readyState === 'complete' ) {
	resolve();
	} else {
	win.addEventListener( 'load', resolve, { once: true } );
	}
	} );

So it makes sense that the iframe's load event would fire before we do any detection.