OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/site_isolation_stats_gatherer.h" | 5 #include "content/child/site_isolation_stats_gatherer.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include "base/macros.h" | 10 #include "base/macros.h" |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
91 | 91 |
92 SiteIsolationResponseMetaData::SiteIsolationResponseMetaData() { | 92 SiteIsolationResponseMetaData::SiteIsolationResponseMetaData() { |
93 } | 93 } |
94 | 94 |
95 void SiteIsolationStatsGatherer::SetEnabled(bool enabled) { | 95 void SiteIsolationStatsGatherer::SetEnabled(bool enabled) { |
96 g_stats_gathering_enabled = enabled; | 96 g_stats_gathering_enabled = enabled; |
97 } | 97 } |
98 | 98 |
99 std::unique_ptr<SiteIsolationResponseMetaData> | 99 std::unique_ptr<SiteIsolationResponseMetaData> |
100 SiteIsolationStatsGatherer::OnReceivedResponse( | 100 SiteIsolationStatsGatherer::OnReceivedResponse( |
101 const GURL& frame_origin, | 101 const url::Origin& frame_origin, |
102 const GURL& response_url, | 102 const GURL& response_url, |
103 ResourceType resource_type, | 103 ResourceType resource_type, |
104 int origin_pid, | 104 int origin_pid, |
105 const ResourceResponseInfo& info) { | 105 const ResourceResponseInfo& info) { |
106 if (!g_stats_gathering_enabled) | 106 if (!g_stats_gathering_enabled) |
107 return nullptr; | 107 return nullptr; |
108 | 108 |
109 // if |origin_pid| is non-zero, it means that this response is for a plugin | 109 // if |origin_pid| is non-zero, it means that this response is for a plugin |
110 // spawned from this renderer process. We exclude responses for plugins for | 110 // spawned from this renderer process. We exclude responses for plugins for |
111 // now, but eventually, we're going to make plugin processes directly talk to | 111 // now, but eventually, we're going to make plugin processes directly talk to |
112 // the browser process so that we don't apply cross-site document blocking to | 112 // the browser process so that we don't apply cross-site document blocking to |
113 // them. | 113 // them. |
114 if (origin_pid) | 114 if (origin_pid) |
115 return nullptr; | 115 return nullptr; |
116 | 116 |
117 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); | 117 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); |
118 | 118 |
119 // See if this is for navigation. If it is, don't block it, under the | 119 // See if this is for navigation. If it is, don't block it, under the |
120 // assumption that we will put it in an appropriate process. | 120 // assumption that we will put it in an appropriate process. |
121 if (IsResourceTypeFrame(resource_type)) | 121 if (IsResourceTypeFrame(resource_type)) |
122 return nullptr; | 122 return nullptr; |
123 | 123 |
124 if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url)) | 124 if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url)) |
125 return nullptr; | 125 return nullptr; |
126 | 126 |
127 if (CrossSiteDocumentClassifier::IsSameSite(frame_origin, response_url)) | 127 // TODO(csharrison): Add a path for IsSameSite/IsValidCorsHeaderSet to take an |
128 // Origin. | |
ncarter (slow)
2016/12/08 21:39:49
Another option here is to delete this class, or en
Charlie Harrison
2016/12/08 21:57:33
I think once the CL I referenced lands, it will be
| |
129 GURL frame_origin_url = frame_origin.GetURL(); | |
130 if (CrossSiteDocumentClassifier::IsSameSite(frame_origin_url, response_url)) | |
128 return nullptr; | 131 return nullptr; |
129 | 132 |
130 CrossSiteDocumentMimeType canonical_mime_type = | 133 CrossSiteDocumentMimeType canonical_mime_type = |
131 CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type); | 134 CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type); |
132 | 135 |
133 if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS) | 136 if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS) |
134 return nullptr; | 137 return nullptr; |
135 | 138 |
136 // Every CORS request should have the Access-Control-Allow-Origin header even | 139 // Every CORS request should have the Access-Control-Allow-Origin header even |
137 // if it is preceded by a pre-flight request. Therefore, if this is a CORS | 140 // if it is preceded by a pre-flight request. Therefore, if this is a CORS |
138 // request, it has this header. response.httpHeaderField() internally uses | 141 // request, it has this header. response.httpHeaderField() internally uses |
139 // case-insensitive matching for the header name. | 142 // case-insensitive matching for the header name. |
140 std::string access_control_origin; | 143 std::string access_control_origin; |
141 | 144 |
142 // We can use a case-insensitive header name for EnumerateHeader(). | 145 // We can use a case-insensitive header name for EnumerateHeader(). |
143 info.headers->EnumerateHeader(NULL, "access-control-allow-origin", | 146 info.headers->EnumerateHeader(NULL, "access-control-allow-origin", |
144 &access_control_origin); | 147 &access_control_origin); |
145 if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet( | 148 if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
146 frame_origin, response_url, access_control_origin)) | 149 frame_origin_url, response_url, access_control_origin)) |
147 return nullptr; | 150 return nullptr; |
148 | 151 |
149 // Real XSD data collection starts from here. | 152 // Real XSD data collection starts from here. |
150 std::string no_sniff; | 153 std::string no_sniff; |
151 info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff); | 154 info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff); |
152 | 155 |
153 std::unique_ptr<SiteIsolationResponseMetaData> resp_data( | 156 std::unique_ptr<SiteIsolationResponseMetaData> resp_data( |
154 new SiteIsolationResponseMetaData); | 157 new SiteIsolationResponseMetaData); |
155 resp_data->frame_origin = frame_origin.spec(); | 158 resp_data->frame_origin = frame_origin_url.spec(); |
156 resp_data->response_url = response_url; | 159 resp_data->response_url = response_url; |
157 resp_data->resource_type = resource_type; | 160 resp_data->resource_type = resource_type; |
158 resp_data->canonical_mime_type = canonical_mime_type; | 161 resp_data->canonical_mime_type = canonical_mime_type; |
159 resp_data->http_status_code = info.headers->response_code(); | 162 resp_data->http_status_code = info.headers->response_code(); |
160 resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff"); | 163 resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff"); |
161 | 164 |
162 return resp_data; | 165 return resp_data; |
163 } | 166 } |
164 | 167 |
165 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk( | 168 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk( |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
252 } | 255 } |
253 | 256 |
254 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) { | 257 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) { |
255 // The purpose of this function is to try to see if there's any possibility | 258 // The purpose of this function is to try to see if there's any possibility |
256 // that this data can be JavaScript (superset of JS). Search for "var " for JS | 259 // that this data can be JavaScript (superset of JS). Search for "var " for JS |
257 // detection. This is a real hack and should only be used for stats gathering. | 260 // detection. This is a real hack and should only be used for stats gathering. |
258 return data.find("var ") != base::StringPiece::npos; | 261 return data.find("var ") != base::StringPiece::npos; |
259 } | 262 } |
260 | 263 |
261 } // namespace content | 264 } // namespace content |
OLD | NEW |