Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(510)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp

Issue 2184973002: Add UMA to count the usage of sendBeacon with non-simple Content-Type (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/UseCounter.h ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp
diff --git a/third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp b/third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp
index 33a1b2dfd2fd26d0f7ee65b8effdf47c5f20bacb..b1893de49faf9059654c5c4c1413dc30983b0944 100644
--- a/third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp
+++ b/third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp
@@ -9,6 +9,7 @@
#include "core/dom/DOMArrayBufferView.h"
#include "core/dom/ExceptionCode.h"
#include "core/dom/ExecutionContext.h"
+#include "core/fetch/FetchUtils.h"
#include "core/fileapi/Blob.h"
#include "core/frame/LocalFrame.h"
#include "core/frame/Settings.h"
@@ -111,16 +112,25 @@ bool NavigatorBeacon::sendBeacon(ExecutionContext* context, Navigator& navigator
int bytes = 0;
bool allowed;
- if (data.isArrayBufferView())
+ if (data.isArrayBufferView()) {
allowed = BeaconLoader::sendBeacon(impl.frame(), allowance, url, data.getAsArrayBufferView(), bytes);
- else if (data.isBlob())
- allowed = BeaconLoader::sendBeacon(impl.frame(), allowance, url, data.getAsBlob(), bytes);
- else if (data.isString())
+ } else if (data.isBlob()) {
+ Blob* blob = data.getAsBlob();
+ if (!FetchUtils::isSimpleContentType(AtomicString(blob->type()))) {
+ UseCounter::count(context, UseCounter::SendBeaconWithNonSimpleContentType);
+ if (RuntimeEnabledFeatures::sendBeaconThrowForBlobWithNonSimpleTypeEnabled()) {
+ exceptionState.throwSecurityError("sendBeacon() with a Blob whose type is not CORS-safelisted MIME type is disallowed experimentally. See http://crbug.com/490015 for details.");
+ return false;
+ }
+ }
+ allowed = BeaconLoader::sendBeacon(impl.frame(), allowance, url, blob, bytes);
+ } else if (data.isString()) {
allowed = BeaconLoader::sendBeacon(impl.frame(), allowance, url, data.getAsString(), bytes);
- else if (data.isFormData())
+ } else if (data.isFormData()) {
allowed = BeaconLoader::sendBeacon(impl.frame(), allowance, url, data.getAsFormData(), bytes);
- else
+ } else {
allowed = BeaconLoader::sendBeacon(impl.frame(), allowance, url, String(), bytes);
+ }
return impl.beaconResult(context, allowed, bytes);
}
« no previous file with comments | « third_party/WebKit/Source/core/frame/UseCounter.h ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698