third_party/WebKit/Source/core/loader/FrameFetchContext.cpp - Issue 1868413002: Add about:flags support for doc.write script blocking.

Side by Side Diff: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Issue 1868413002: Add about:flags support for doc.write script blocking. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« third_party/WebKit/LayoutTests/http/tests/loading/doc-write-sync-third-party-script-conn-type.html ('K') | « third_party/WebKit/Source/core/frame/Settings.in ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2013 Google Inc. All rights reserved.	2 * Copyright (C) 2013 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 57 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
68 #include "platform/network/ResourceTimingInfo.h"	68 #include "platform/network/ResourceTimingInfo.h"

69 #include "platform/weborigin/SchemeRegistry.h"	69 #include "platform/weborigin/SchemeRegistry.h"

70 #include "platform/weborigin/SecurityPolicy.h"	70 #include "platform/weborigin/SecurityPolicy.h"

71 #include "public/platform/WebCachePolicy.h"	71 #include "public/platform/WebCachePolicy.h"

72 #include "public/platform/WebFrameScheduler.h"	72 #include "public/platform/WebFrameScheduler.h"

73	73

74 #include <algorithm>	74 #include <algorithm>

75	75

76 namespace blink {	76 namespace blink {

77	77

	78 namespace {

	79

	80 bool ShouldDisallowFetchForMainFrameScript(const ResourceRequest& request, Fetch Request::DeferOption defer, Document& document)
	shivanisha 2016/04/11 14:26:56 const Document& const Document& Bryan McQuade 2016/04/11 16:28:30 Done. I had to make Document::isInDocumentWrite a Show quoted text On 2016/04/11 at 14:26:56, shivanisha wrote: > const Document& Done. I had to make Document::isInDocumentWrite a const method to enable this (seems like a good change).
	81 {

	82 // Only scripts inserted via document.write are candidates for having their

	83 // fetch disallowed.

	84 if (!document.isInDocumentWrite()) {

	85 return false;

	86 }

	87

	88 if (!document.settings()) {

	89 return false;

	90 }

	91

	92 // By default, only block on slow connections where the performance penalty

	93 // is worst case. For now we restrict slow connections to 2G, in future this

	94 // might be expanded using the network quality estimator. Additionally, if

	95 // the disallowFetchForDocWrittenScriptsInMainFrame setting is specified,

	96 // block regardless of connection type. This setting is intended for testing

	97 // out doc.write script blocking without having to be on a slow connection.

	98 const bool isSlowConnection = networkStateNotifier().connectionType() == Web ConnectionTypeCellular2G;

	99 const bool disallowFetch = document.settings()->disallowFetchForDocWrittenSc riptsInMainFrame() \|\| (document.settings()->disallowFetchForDocWrittenScriptsInM ainFrameOnSlowConnections() && isSlowConnection);
	shivanisha 2016/04/11 14:26:56 do frame()->settings() and document.settings() alw do frame()->settings() and document.settings() always evaluate to same? Bryan McQuade 2016/04/11 16:28:30 Yeah - Document::settings is implemented as: Setti Show quoted text On 2016/04/11 at 14:26:56, shivanisha wrote: > do frame()->settings() and document.settings() always evaluate to same? Yeah - Document::settings is implemented as: Settings* Document::settings() const { return m_frame ? m_frame->settings() : 0; } So assuming the frame we have is the same frame that the document has (would be a bug if not) they should return the same value.
	100 if (!disallowFetch) {

	101 return false;

	102 }

	103

	104 // Only block synchronously loaded scripts.

	105 if (defer != FetchRequest::NoDefer) {

	106 return false;

	107 }

	108

	109 // Not blocking same origin scripts as they may be used to render main page

	110 // content whereas cross-origin scripts inserted via document.write are

	111 // likely to be third party content.

	112 if (request.url().host() == document.getSecurityOrigin()->domain()) {

	113 return false;

	114 }

	115

	116 return true;

	117 }

	118

	119 } // namespace

	120

78 FrameFetchContext::FrameFetchContext(DocumentLoader* loader, Document* document)	121 FrameFetchContext::FrameFetchContext(DocumentLoader* loader, Document* document)

79 : m_document(document)	122 : m_document(document)

80 , m_documentLoader(loader)	123 , m_documentLoader(loader)

81 , m_imageFetched(false)	124 , m_imageFetched(false)

82 {	125 {

83 ASSERT(frame());	126 ASSERT(frame());

84 }	127 }

85	128

86 FrameFetchContext::~FrameFetchContext()	129 FrameFetchContext::~FrameFetchContext()

87 {	130 {

(...skipping 110 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
198 return WebCachePolicy::BypassingCache;	241 return WebCachePolicy::BypassingCache;

199 if (frameLoadType == FrameLoadTypeReload)	242 if (frameLoadType == FrameLoadTypeReload)

200 return WebCachePolicy::ValidatingCacheData;	243 return WebCachePolicy::ValidatingCacheData;

201 }	244 }

202 return WebCachePolicy::UseProtocolCachePolicy;	245 return WebCachePolicy::UseProtocolCachePolicy;

203 }	246 }

204	247

205 // For users on slow connections, we want to avoid blocking the parser in	248 // For users on slow connections, we want to avoid blocking the parser in

206 // the main frame on script loads inserted via document.write, since it can	249 // the main frame on script loads inserted via document.write, since it can

207 // add significant delays before page content is displayed on the screen.	250 // add significant delays before page content is displayed on the screen.

208 if (type == Resource::Script && isMainFrame()) {	251 if (type == Resource::Script && isMainFrame() && m_document && ShouldDisallo wFetchForMainFrameScript(request, defer, *m_document)) {

209 const bool isInDocumentWrite = m_document && m_document->isInDocumentWri te();	252 return WebCachePolicy::ReturnCacheDataDontLoad;

210 const bool disallowFetchForDocWriteScripts = frame()->settings() && fram e()->settings()->disallowFetchForDocWrittenScriptsInMainFrame();

211

212 if (isInDocumentWrite && disallowFetchForDocWriteScripts) {

213 // only synchronously loaded scripts should be blocked

214 const bool isSync = defer == FetchRequest::NoDefer;

215

216 // Not blocking same origin scripts as they may be used to render ma in page content

217 // whereas cross-origin scripts inserted via document.write are like ly

218 // for third party content.

219 const bool isThirdParty = request.url().host() != m_document->getSec urityOrigin()->domain();

220

221 // Only blocking in slow connections where the performance penalty i s worst case.

222 // For now we restrict slow connections to 2G, in future this might be expanded using the

223 // network quality estimator.

224 const bool isSlowConnection = networkStateNotifier().connectionType( ) == WebConnectionTypeCellular2G;

225

226 if (isSync && isThirdParty && isSlowConnection)

227 return WebCachePolicy::ReturnCacheDataDontLoad;

228 }

229 }	253 }

230	254

231 if (request.isConditional())	255 if (request.isConditional())

232 return WebCachePolicy::ValidatingCacheData;	256 return WebCachePolicy::ValidatingCacheData;

233	257

234 if (m_documentLoader && m_document && !m_document->loadEventFinished()) {	258 if (m_documentLoader && m_document && !m_document->loadEventFinished()) {

235 // For POST requests, we mutate the main resource's cache policy to avoi d form resubmission.	259 // For POST requests, we mutate the main resource's cache policy to avoi d form resubmission.

236 // This policy should not be inherited by subresources.	260 // This policy should not be inherited by subresources.

237 WebCachePolicy mainResourceCachePolicy = m_documentLoader->request().get CachePolicy();	261 WebCachePolicy mainResourceCachePolicy = m_documentLoader->request().get CachePolicy();

238 if (m_documentLoader->request().httpMethod() == "POST") {	262 if (m_documentLoader->request().httpMethod() == "POST") {

(...skipping 542 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
781 }	805 }

782	806

783 DEFINE_TRACE(FrameFetchContext)	807 DEFINE_TRACE(FrameFetchContext)

784 {	808 {

785 visitor->trace(m_document);	809 visitor->trace(m_document);

786 visitor->trace(m_documentLoader);	810 visitor->trace(m_documentLoader);

787 FetchContext::trace(visitor);	811 FetchContext::trace(visitor);

788 }	812 }

789	813

790 } // namespace blink	814 } // namespace blink

OLD	NEW