Add use counter for multiple origins in Timing-Allow-Origin

third_party/WebKit/Source/core/timing/PerformanceBase.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  * Copyright (C) 2012 Intel Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 15 matching lines @@
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "core/timing/PerformanceBase.h"
 
 #include "core/dom/Document.h"
 #include "core/events/Event.h"
+#include "core/frame/UseCounter.h"
 #include "core/timing/PerformanceCompositeTiming.h"
 #include "core/timing/PerformanceObserver.h"
 #include "core/timing/PerformanceRenderTiming.h"
 #include "core/timing/PerformanceResourceTiming.h"
 #include "core/timing/PerformanceUserTiming.h"
 #include "platform/network/ResourceTimingInfo.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "wtf/CurrentTime.h"
 #include <algorithm>
 
@@ skipping 132 matching lines @@
     m_frameTimingBuffer.clear();
 }
 
 void PerformanceBase::setFrameTimingBufferSize(unsigned size)
 {
     m_frameTimingBufferSize = size;
     if (isFrameTimingBufferFull())
         dispatchEvent(Event::create(EventTypeNames::frametimingbufferfull));
 }
 
-static bool passesTimingAllowCheck(const ResourceResponse& response, const SecurityOrigin& initiatorSecurityOrigin, const AtomicString& originalTimingAllowOrigin)
+static bool passesTimingAllowCheck(const ResourceResponse& response, const SecurityOrigin& initiatorSecurityOrigin, const AtomicString& originalTimingAllowOrigin, ExecutionContext* context)
 {
     RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url());
     if (resourceOrigin->isSameSchemeHostPort(&initiatorSecurityOrigin))
         return true;
 
     const AtomicString& timingAllowOriginString = originalTimingAllowOrigin.isEmpty() ? response.httpHeaderField(HTTPNames::Timing_Allow_Origin) : originalTimingAllowOrigin;
     if (timingAllowOriginString.isEmpty() || equalIgnoringCase(timingAllowOriginString, "null"))
         return false;
 
-    if (timingAllowOriginString == "*")
+    if (timingAllowOriginString == "*") {
+        UseCounter::count(context, UseCounter::StarInTimingAllowOrigin);
         return true;
+    }
 
     const String& securityOrigin = initiatorSecurityOrigin.toString();
     Vector<String> timingAllowOrigins;
     timingAllowOriginString.getString().split(' ', timingAllowOrigins);
+    if (timingAllowOrigins.size() > 1)
+        UseCounter::count(context, UseCounter::MultipleOriginsInTimingAllowOrigin);
+    else if (timingAllowOrigins.size() == 1)
+        UseCounter::count(context, UseCounter::SingleOriginInTimingAllowOrigin);
     for (const String& allowOrigin : timingAllowOrigins) {
         if (allowOrigin == securityOrigin)
             return true;
     }
 
     return false;
 }
 
-static bool allowsTimingRedirect(const Vector<ResourceResponse>& redirectChain, const ResourceResponse& finalResponse, const SecurityOrigin& initiatorSecurityOrigin)
+static bool allowsTimingRedirect(const Vector<ResourceResponse>& redirectChain, const ResourceResponse& finalResponse, const SecurityOrigin& initiatorSecurityOrigin, ExecutionContext* context)
 {
-    if (!passesTimingAllowCheck(finalResponse, initiatorSecurityOrigin, AtomicString()))
+    if (!passesTimingAllowCheck(finalResponse, initiatorSecurityOrigin, AtomicString(), context))
         return false;
 
     for (const ResourceResponse& response : redirectChain) {
-        if (!passesTimingAllowCheck(response, initiatorSecurityOrigin, AtomicString()))
+        if (!passesTimingAllowCheck(response, initiatorSecurityOrigin, AtomicString(), context))
             return false;
     }
 
     return true;
 }
 
 void PerformanceBase::addResourceTiming(const ResourceTimingInfo& info)
 {
     if (isResourceTimingBufferFull() && !hasObserverFor(PerformanceEntry::Resource))
         return;
     SecurityOrigin* securityOrigin = nullptr;
-    if (ExecutionContext* context = getExecutionContext())
+    ExecutionContext* context = getExecutionContext();
+    if (context)
         securityOrigin = context->getSecurityOrigin();
     if (!securityOrigin)
         return;
 
     const ResourceResponse& finalResponse = info.finalResponse();
-    bool allowTimingDetails = passesTimingAllowCheck(finalResponse, *securityOrigin, info.originalTimingAllowOrigin());
+    bool allowTimingDetails = passesTimingAllowCheck(finalResponse, *securityOrigin, info.originalTimingAllowOrigin(), getExecutionContext());
     double startTime = info.initialTime();
 
     if (info.redirectChain().isEmpty()) {
         PerformanceEntry* entry = PerformanceResourceTiming::create(info, timeOrigin(), startTime, allowTimingDetails);
         notifyObserversOfEntry(*entry);
         if (!isResourceTimingBufferFull())
             addResourceTimingBuffer(*entry);
         return;
     }
 
     const Vector<ResourceResponse>& redirectChain = info.redirectChain();
-    bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalResponse, *securityOrigin);
+    bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalResponse, *securityOrigin, context);
 
     if (!allowRedirectDetails) {
         ResourceLoadTiming* finalTiming = finalResponse.resourceLoadTiming();
         ASSERT(finalTiming);
         if (finalTiming)
             startTime = finalTiming->requestTime();
     }
 
     ResourceLoadTiming* lastRedirectTiming = redirectChain.last().resourceLoadTiming();
     ASSERT(lastRedirectTiming);
@@ skipping 188 matching lines @@
     visitor->trace(m_frameTimingBuffer);
     visitor->trace(m_resourceTimingBuffer);
     visitor->trace(m_userTiming);
     visitor->trace(m_observers);
     visitor->trace(m_activeObservers);
     visitor->trace(m_suspendedObservers);
     EventTargetWithInlineData::trace(visitor);
 }
 
 } // namespace blink