Add UMA for header values in XHR's setRequestHeader() checked against RFC 7230

third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

 /*
  *  Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved.
  *  Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org>
  *  Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org>
  *  Copyright (C) 2008, 2011 Google Inc. All rights reserved.
  *  Copyright (C) 2012 Intel Corporation
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
  *  License as published by the Free Software Foundation; either
@@ skipping 52 matching lines @@
 #include "core/xmlhttprequest/XMLHttpRequestProgressEvent.h"
 #include "core/xmlhttprequest/XMLHttpRequestUpload.h"
 #include "platform/Logging.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/SharedBuffer.h"
 #include "platform/blob/BlobData.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/network/ParsedContentType.h"
 #include "platform/network/ResourceError.h"
 #include "platform/network/ResourceRequest.h"
+#include "public/platform/Platform.h"
 #include "public/platform/WebURLRequest.h"
 #include "wtf/Assertions.h"
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/CString.h"
 
 namespace blink {
 
 namespace {
 
 // This class protects the wrapper of the associated XMLHttpRequest object
@@ skipping 41 matching lines @@
 
 void logConsoleError(ExecutionContext* context, const String& message)
 {
     if (!context)
         return;
     // FIXME: It's not good to report the bad usage without indicating what source line it came from.
     // We should pass additional parameters so we can tell the console where the mistake occurred.
     context->addConsoleMessage(ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, message));
 }
 
+enum HeaderValueCategoryByRFC7230 {
+    HeaderValueInvalid,
+    HeaderValueAffectedByNormalization,
+    HeaderValueValid,
+    HeaderValueCategoryByRFC7230End
+};
+
 } // namespace
 
 class XMLHttpRequest::BlobLoader final : public GarbageCollectedFinalized<XMLHttpRequest::BlobLoader>, public FileReaderLoaderClient {
 public:
     static BlobLoader* create(XMLHttpRequest* xhr, PassRefPtr<BlobDataHandle> handle)
     {
         return new BlobLoader(xhr, handle);
     }
 
     // FileReaderLoaderClient functions.
@@ skipping 1023 matching lines @@
     if (!isValidHTTPToken(name)) {
         exceptionState.throwDOMException(SyntaxError, "'" + name + "' is not a valid HTTP header field name.");
         return;
     }
 
     if (!isValidHTTPHeaderValue(value)) {
         exceptionState.throwDOMException(SyntaxError, "'" + value + "' is not a valid HTTP header field value.");
         return;
     }
 
-    // Show deprecation warnings and count occurrences of such deprecated header values.
-    if (!value.isEmpty() && !isValidHTTPFieldContentRFC7230(value))
-        UseCounter::countDeprecation(executionContext(), UseCounter::HeaderValueNotMatchingRFC7230);
-
     // No script (privileged or not) can set unsafe headers.
     if (FetchUtils::isForbiddenHeaderName(name)) {
         logConsoleError(executionContext(), "Refused to set unsafe header \"" + name + "\"");
         return;
     }
 
     setRequestHeaderInternal(name, value);
 }
 
 void XMLHttpRequest::setRequestHeaderInternal(const AtomicString& name, const AtomicString& value)
 {
+    HeaderValueCategoryByRFC7230 headerValueCategory = HeaderValueValid;
+
     HTTPHeaderMap::AddResult result = m_requestHeaders.add(name, value);
-    if (!result.isNewEntry)
-        result.storedValue->value = result.storedValue->value + ", " + value;
+    if (!result.isNewEntry) {
+        AtomicString newValue = result.storedValue->value + ", " + value;
+
+        // Without normalization at XHR level here, the actual header value
+        // sent to the network is |newValue| with leading/trailing whitespaces
+        // stripped (i.e. |normalizeHeaderValue(newValue)|).
+        // With normalization at XHR level here as the spec requires, the
+        // actual header value sent to the network is |normalizedNewValue|.
+        // If these two are different, introducing normalization here affects
+        // the header value sent to the network.
+        String normalizedNewValue = FetchUtils::normalizeHeaderValue(result.storedValue->value) + ", " + FetchUtils::normalizeHeaderValue(value);
+        if (FetchUtils::normalizeHeaderValue(newValue) != normalizedNewValue)
+            headerValueCategory = HeaderValueAffectedByNormalization;
+
+        result.storedValue->value = newValue;
+    }
+
+    String normalizedValue = FetchUtils::normalizeHeaderValue(value);
+    if (!normalizedValue.isEmpty() && !isValidHTTPFieldContentRFC7230(normalizedValue))
+        headerValueCategory = HeaderValueInvalid;
+
+    Platform::current()->histogramEnumeration("Blink.XHR.setRequestHeader.HeaderValueCategoryInRFC7230", headerValueCategory, HeaderValueCategoryByRFC7230End);
 }
 
 const AtomicString& XMLHttpRequest::getRequestHeader(const AtomicString& name) const
 {
     return m_requestHeaders.get(name);
 }
 
 String XMLHttpRequest::getAllResponseHeaders() const
 {
     if (m_state < HEADERS_RECEIVED || m_error)
@@ skipping 483 matching lines @@
     visitor->trace(m_responseDocumentParser);
     visitor->trace(m_progressEventThrottle);
     visitor->trace(m_upload);
     visitor->trace(m_blobLoader);
     XMLHttpRequestEventTarget::trace(visitor);
     DocumentParserClient::trace(visitor);
     ActiveDOMObject::trace(visitor);
 }
 
 } // namespace blink