Add UMA for header values in XHR's setRequestHeader() checked against RFC 7230

third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

 /*
  *  Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved.
  *  Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org>
  *  Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org>
  *  Copyright (C) 2008, 2011 Google Inc. All rights reserved.
  *  Copyright (C) 2012 Intel Corporation
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
  *  License as published by the Free Software Foundation; either
@@ skipping 1156 matching lines @@
     if (!isValidHTTPToken(name)) {
         exceptionState.throwDOMException(SyntaxError, "'" + name + "' is not a valid HTTP header field name.");
         return;
     }
 
     if (!isValidHTTPHeaderValue(value)) {
         exceptionState.throwDOMException(SyntaxError, "'" + value + "' is not a valid HTTP header field value.");
         return;
     }
 
-    // Show deprecation warnings and count occurrences of such deprecated header values.
-    if (!value.isEmpty() && !isValidHTTPFieldContentRFC7230(value))
-        UseCounter::countDeprecation(executionContext(), UseCounter::HeaderValueNotMatchingRFC7230);
-
     // No script (privileged or not) can set unsafe headers.
     if (FetchUtils::isForbiddenHeaderName(name)) {
         logConsoleError(executionContext(), "Refused to set unsafe header \"" + name + "\"");
         return;
     }
 
     setRequestHeaderInternal(name, value);
 }
 
 void XMLHttpRequest::setRequestHeaderInternal(const AtomicString& name, const AtomicString& value)
 {
+    // We show deprecation warnings if |value| is still invalid header value
+    // after normalization (i.e. contains invalid octets).
+    String normalizedValue = FetchUtils::normalizeHeaderValue(value);
+    if (!normalizedValue.isEmpty() && !isValidHTTPFieldContentRFC7230(normalizedValue))
+        UseCounter::countDeprecation(executionContext(), UseCounter::HeaderValueNotMatchingRFC7230);
+
     HTTPHeaderMap::AddResult result = m_requestHeaders.add(name, value);
-    if (!result.isNewEntry)
-        result.storedValue->value = result.storedValue->value + ", " + value;
+    if (result.isNewEntry)
+        return;
+
+    AtomicString newValue = result.storedValue->value + ", " + value;
+
+    // We show deprecation warnings if this call to setRequestHeader() is
+    // affected by header value normalization.
+    // Without normalization at XHR level here, the actual header value
+    // sent to the network is |newValue| with leading/trailing whitespaces
+    // stripped (i.e. |normalizeHeaderValue(newValue)|).
+    // With normalization at XHR level here as the spec requires, the
+    // actual header value sent to the network is |normalizedNewValue|.
+    // If these two are different, introducing normalization here affects
+    // the header value sent to the network so we show warnings.
+    String normalizedNewValue = FetchUtils::normalizeHeaderValue(result.storedValue->value) + ", " + FetchUtils::normalizeHeaderValue(value);
+    if (FetchUtils::normalizeHeaderValue(newValue) != normalizedNewValue)
+        UseCounter::countDeprecation(executionContext(), UseCounter::XHRSetRequestHeaderAffectedByNormalization);
+
+    result.storedValue->value = newValue;
 }
 
 const AtomicString& XMLHttpRequest::getRequestHeader(const AtomicString& name) const
 {
     return m_requestHeaders.get(name);
 }
 
 String XMLHttpRequest::getAllResponseHeaders() const
 {
     if (m_state < HEADERS_RECEIVED || m_error)
@@ skipping 483 matching lines @@
     visitor->trace(m_responseDocumentParser);
     visitor->trace(m_progressEventThrottle);
     visitor->trace(m_upload);
     visitor->trace(m_blobLoader);
     XMLHttpRequestEventTarget::trace(visitor);
     DocumentParserClient::trace(visitor);
     ActiveDOMObject::trace(visitor);
 }
 
 } // namespace blink