
Unified Diff: third_party/WebKit/Source/core/timing/PerformanceBase.cpp

Issue 2178973002: Add use counter for multiple origins in Timing-Allow-Origin (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 4 years, 5 months ago
Index: third_party/WebKit/Source/core/timing/PerformanceBase.cpp
diff --git a/third_party/WebKit/Source/core/timing/PerformanceBase.cpp b/third_party/WebKit/Source/core/timing/PerformanceBase.cpp
index 87d4f3fec03470799708fe2d43a13bedef5eef3f..2ebfe14288d3c697beb95b292b619a925edd2f0c 100644
--- a/third_party/WebKit/Source/core/timing/PerformanceBase.cpp
+++ b/third_party/WebKit/Source/core/timing/PerformanceBase.cpp
@@ -33,6 +33,7 @@
#include "core/dom/Document.h"
#include "core/events/Event.h"
+#include "core/frame/UseCounter.h"
#include "core/timing/PerformanceCompositeTiming.h"
#include "core/timing/PerformanceObserver.h"
#include "core/timing/PerformanceRenderTiming.h"
@@ -185,7 +186,7 @@ void PerformanceBase::setFrameTimingBufferSize(unsigned size)
dispatchEvent(Event::create(EventTypeNames::frametimingbufferfull));
}
-static bool passesTimingAllowCheck(const ResourceResponse& response, const SecurityOrigin& initiatorSecurityOrigin, const AtomicString& originalTimingAllowOrigin)
+static bool passesTimingAllowCheck(const ResourceResponse& response, const SecurityOrigin& initiatorSecurityOrigin, const AtomicString& originalTimingAllowOrigin, ExecutionContext* context)
{
RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url());
if (resourceOrigin->isSameSchemeHostPort(&initiatorSecurityOrigin))
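Review bot: The new `ExecutionContext* context` parameter on `passesTimingAllowCheck` is a raw pointer with no stated nullability or purpose, on a function that decides whether cross-origin timing details are exposed. A short comment above the signature would make clear it is reporting-only, for example `// |context| is used only for UseCounter reporting; it must not influence the allow/deny result.` In the visible caller, `addResourceTiming`, `context` is non-null only implicitly, because a null context leaves `securityOrigin` null and the function returns early. The body of `passesTimingAllowCheck` continues outside this hunk.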
@@ -195,12 +196,18 @@ static bool passesTimingAllowCheck(const ResourceResponse& response, const Secur
if (timingAllowOriginString.isEmpty() || equalIgnoringCase(timingAllowOriginString, "null"))
return false;
- if (timingAllowOriginString == "*")
+ if (timingAllowOriginString == "*") {
+ UseCounter::count(context, UseCounter::StarInTimingAllowOrigin);
return true;
+ }
const String& securityOrigin = initiatorSecurityOrigin.toString();
Vector<String> timingAllowOrigins;
timingAllowOriginString.getString().split(' ', timingAllowOrigins);
+ if (timingAllowOrigins.size() > 1)
+ UseCounter::count(context, UseCounter::MultipleOriginsInTimingAllowOrigin);
+ else if (timingAllowOrigins.size() == 1)
+ UseCounter::count(context, UseCounter::SingleOriginInTimingAllowOrigin);
for (const String& allowOrigin : timingAllowOrigins) {
if (allowOrigin == securityOrigin)
return true;
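Review bot: The `SingleOriginInTimingAllowOrigin` and `MultipleOriginsInTimingAllowOrigin` counters are recorded from the token count of `split(' ', ...)` before any token is compared with the initiator origin, so they measure the shape of the header rather than whether timing access was granted. A value that separates origins with commas and no spaces would be recorded as a single origin, which may skew the data these counters are meant to collect. If that is intended, say so next to the counters, e.g. `// Counts the header's space-separated token shape, independent of whether any token matches.` The loop and the rest of the function continue outside this hunk.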
@@ -209,13 +216,13 @@ static bool passesTimingAllowCheck(const ResourceResponse& response, const Secur
return false;
}
-static bool allowsTimingRedirect(const Vector<ResourceResponse>& redirectChain, const ResourceResponse& finalResponse, const SecurityOrigin& initiatorSecurityOrigin)
+static bool allowsTimingRedirect(const Vector<ResourceResponse>& redirectChain, const ResourceResponse& finalResponse, const SecurityOrigin& initiatorSecurityOrigin, ExecutionContext* context)
{
- if (!passesTimingAllowCheck(finalResponse, initiatorSecurityOrigin, AtomicString()))
+ if (!passesTimingAllowCheck(finalResponse, initiatorSecurityOrigin, AtomicString(), context))
return false;
for (const ResourceResponse& response : redirectChain) {
- if (!passesTimingAllowCheck(response, initiatorSecurityOrigin, AtomicString()))
+ if (!passesTimingAllowCheck(response, initiatorSecurityOrigin, AtomicString(), context))
return false;
}
@@ -227,13 +234,14 @@ void PerformanceBase::addResourceTiming(const ResourceTimingInfo& info)
if (isResourceTimingBufferFull() && !hasObserverFor(PerformanceEntry::Resource))
return;
SecurityOrigin* securityOrigin = nullptr;
- if (ExecutionContext* context = getExecutionContext())
+ ExecutionContext* context = getExecutionContext();
+ if (context)
securityOrigin = context->getSecurityOrigin();
if (!securityOrigin)
return;
const ResourceResponse& finalResponse = info.finalResponse();
- bool allowTimingDetails = passesTimingAllowCheck(finalResponse, *securityOrigin, info.originalTimingAllowOrigin());
+ bool allowTimingDetails = passesTimingAllowCheck(finalResponse, *securityOrigin, info.originalTimingAllowOrigin(), context);
double startTime = info.initialTime();
if (info.redirectChain().isEmpty()) {
@@ -245,7 +253,7 @@ void PerformanceBase::addResourceTiming(const ResourceTimingInfo& info)
}
const Vector<ResourceResponse>& redirectChain = info.redirectChain();
- bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalResponse, *securityOrigin);
+ bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalResponse, *securityOrigin, context);
if (!allowRedirectDetails) {
ResourceLoadTiming* finalTiming = finalResponse.resourceLoadTiming();