Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(269)

Side by Side Diff: content/child/site_isolation_stats_gatherer.cc

Issue 2557673006: Move Origin::GetURL() out of resource request critical path (Closed)
Patch Set: Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/site_isolation_stats_gatherer.h" 5 #include "content/child/site_isolation_stats_gatherer.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include "base/macros.h" 10 #include "base/macros.h"
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
91 91
92 SiteIsolationResponseMetaData::SiteIsolationResponseMetaData() { 92 SiteIsolationResponseMetaData::SiteIsolationResponseMetaData() {
93 } 93 }
94 94
95 void SiteIsolationStatsGatherer::SetEnabled(bool enabled) { 95 void SiteIsolationStatsGatherer::SetEnabled(bool enabled) {
96 g_stats_gathering_enabled = enabled; 96 g_stats_gathering_enabled = enabled;
97 } 97 }
98 98
99 std::unique_ptr<SiteIsolationResponseMetaData> 99 std::unique_ptr<SiteIsolationResponseMetaData>
100 SiteIsolationStatsGatherer::OnReceivedResponse( 100 SiteIsolationStatsGatherer::OnReceivedResponse(
101 const GURL& frame_origin, 101 const url::Origin& frame_origin,
102 const GURL& response_url, 102 const GURL& response_url,
103 ResourceType resource_type, 103 ResourceType resource_type,
104 int origin_pid, 104 int origin_pid,
105 const ResourceResponseInfo& info) { 105 const ResourceResponseInfo& info) {
106 if (!g_stats_gathering_enabled) 106 if (!g_stats_gathering_enabled)
107 return nullptr; 107 return nullptr;
108 108
109 // if |origin_pid| is non-zero, it means that this response is for a plugin 109 // if |origin_pid| is non-zero, it means that this response is for a plugin
110 // spawned from this renderer process. We exclude responses for plugins for 110 // spawned from this renderer process. We exclude responses for plugins for
111 // now, but eventually, we're going to make plugin processes directly talk to 111 // now, but eventually, we're going to make plugin processes directly talk to
112 // the browser process so that we don't apply cross-site document blocking to 112 // the browser process so that we don't apply cross-site document blocking to
113 // them. 113 // them.
114 if (origin_pid) 114 if (origin_pid)
115 return nullptr; 115 return nullptr;
116 116
117 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); 117 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1);
118 118
119 // See if this is for navigation. If it is, don't block it, under the 119 // See if this is for navigation. If it is, don't block it, under the
120 // assumption that we will put it in an appropriate process. 120 // assumption that we will put it in an appropriate process.
121 if (IsResourceTypeFrame(resource_type)) 121 if (IsResourceTypeFrame(resource_type))
122 return nullptr; 122 return nullptr;
123 123
124 if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url)) 124 if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url))
125 return nullptr; 125 return nullptr;
126 126
127 if (CrossSiteDocumentClassifier::IsSameSite(frame_origin, response_url)) 127 // TODO(csharrison): Add a path for IsSameSite/IsValidCorsHeaderSet to take an
128 // Origin.
ncarter (slow) 2016/12/08 21:39:49 Another option here is to delete this class, or en
Charlie Harrison 2016/12/08 21:57:33 I think once the CL I referenced lands, it will be
129 GURL frame_origin_url = frame_origin.GetURL();
130 if (CrossSiteDocumentClassifier::IsSameSite(frame_origin_url, response_url))
128 return nullptr; 131 return nullptr;
129 132
130 CrossSiteDocumentMimeType canonical_mime_type = 133 CrossSiteDocumentMimeType canonical_mime_type =
131 CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type); 134 CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type);
132 135
133 if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS) 136 if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS)
134 return nullptr; 137 return nullptr;
135 138
136 // Every CORS request should have the Access-Control-Allow-Origin header even 139 // Every CORS request should have the Access-Control-Allow-Origin header even
137 // if it is preceded by a pre-flight request. Therefore, if this is a CORS 140 // if it is preceded by a pre-flight request. Therefore, if this is a CORS
138 // request, it has this header. response.httpHeaderField() internally uses 141 // request, it has this header. response.httpHeaderField() internally uses
139 // case-insensitive matching for the header name. 142 // case-insensitive matching for the header name.
140 std::string access_control_origin; 143 std::string access_control_origin;
141 144
142 // We can use a case-insensitive header name for EnumerateHeader(). 145 // We can use a case-insensitive header name for EnumerateHeader().
143 info.headers->EnumerateHeader(NULL, "access-control-allow-origin", 146 info.headers->EnumerateHeader(NULL, "access-control-allow-origin",
144 &access_control_origin); 147 &access_control_origin);
145 if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet( 148 if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet(
146 frame_origin, response_url, access_control_origin)) 149 frame_origin_url, response_url, access_control_origin))
147 return nullptr; 150 return nullptr;
148 151
149 // Real XSD data collection starts from here. 152 // Real XSD data collection starts from here.
150 std::string no_sniff; 153 std::string no_sniff;
151 info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff); 154 info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff);
152 155
153 std::unique_ptr<SiteIsolationResponseMetaData> resp_data( 156 std::unique_ptr<SiteIsolationResponseMetaData> resp_data(
154 new SiteIsolationResponseMetaData); 157 new SiteIsolationResponseMetaData);
155 resp_data->frame_origin = frame_origin.spec(); 158 resp_data->frame_origin = frame_origin_url.spec();
156 resp_data->response_url = response_url; 159 resp_data->response_url = response_url;
157 resp_data->resource_type = resource_type; 160 resp_data->resource_type = resource_type;
158 resp_data->canonical_mime_type = canonical_mime_type; 161 resp_data->canonical_mime_type = canonical_mime_type;
159 resp_data->http_status_code = info.headers->response_code(); 162 resp_data->http_status_code = info.headers->response_code();
160 resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff"); 163 resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff");
161 164
162 return resp_data; 165 return resp_data;
163 } 166 }
164 167
165 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk( 168 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk(
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
252 } 255 }
253 256
254 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) { 257 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) {
255 // The purpose of this function is to try to see if there's any possibility 258 // The purpose of this function is to try to see if there's any possibility
256 // that this data can be JavaScript (superset of JS). Search for "var " for JS 259 // that this data can be JavaScript (superset of JS). Search for "var " for JS
257 // detection. This is a real hack and should only be used for stats gathering. 260 // detection. This is a real hack and should only be used for stats gathering.
258 return data.find("var ") != base::StringPiece::npos; 261 return data.find("var ") != base::StringPiece::npos;
259 } 262 }
260 263
261 } // namespace content 264 } // namespace content
OLDNEW
« no previous file with comments | « content/child/site_isolation_stats_gatherer.h ('k') | content/child/url_response_body_consumer_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698