Chromium Code Reviews Chromium Code Reviews
Issue 2557673006:
Move Origin::GetURL() out of resource request critical path (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/site_isolation_stats_gatherer.h" | 5 #include "content/child/site_isolation_stats_gatherer.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 91 | 91 |
| 92 SiteIsolationResponseMetaData::SiteIsolationResponseMetaData() { | 92 SiteIsolationResponseMetaData::SiteIsolationResponseMetaData() { |
| 93 } | 93 } |
| 94 | 94 |
| 95 void SiteIsolationStatsGatherer::SetEnabled(bool enabled) { | 95 void SiteIsolationStatsGatherer::SetEnabled(bool enabled) { |
| 96 g_stats_gathering_enabled = enabled; | 96 g_stats_gathering_enabled = enabled; |
| 97 } | 97 } |
| 98 | 98 |
| 99 std::unique_ptr<SiteIsolationResponseMetaData> | 99 std::unique_ptr<SiteIsolationResponseMetaData> |
| 100 SiteIsolationStatsGatherer::OnReceivedResponse( | 100 SiteIsolationStatsGatherer::OnReceivedResponse( |
| 101 const GURL& frame_origin, | 101 const url::Origin& frame_origin, |
| 102 const GURL& response_url, | 102 const GURL& response_url, |
| 103 ResourceType resource_type, | 103 ResourceType resource_type, |
| 104 int origin_pid, | 104 int origin_pid, |
| 105 const ResourceResponseInfo& info) { | 105 const ResourceResponseInfo& info) { |
| 106 if (!g_stats_gathering_enabled) | 106 if (!g_stats_gathering_enabled) |
| 107 return nullptr; | 107 return nullptr; |
| 108 | 108 |
| 109 // if |origin_pid| is non-zero, it means that this response is for a plugin | 109 // if |origin_pid| is non-zero, it means that this response is for a plugin |
| 110 // spawned from this renderer process. We exclude responses for plugins for | 110 // spawned from this renderer process. We exclude responses for plugins for |
| 111 // now, but eventually, we're going to make plugin processes directly talk to | 111 // now, but eventually, we're going to make plugin processes directly talk to |
| 112 // the browser process so that we don't apply cross-site document blocking to | 112 // the browser process so that we don't apply cross-site document blocking to |
| 113 // them. | 113 // them. |
| 114 if (origin_pid) | 114 if (origin_pid) |
| 115 return nullptr; | 115 return nullptr; |
| 116 | 116 |
| 117 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); | 117 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); |
| 118 | 118 |
| 119 // See if this is for navigation. If it is, don't block it, under the | 119 // See if this is for navigation. If it is, don't block it, under the |
| 120 // assumption that we will put it in an appropriate process. | 120 // assumption that we will put it in an appropriate process. |
| 121 if (IsResourceTypeFrame(resource_type)) | 121 if (IsResourceTypeFrame(resource_type)) |
| 122 return nullptr; | 122 return nullptr; |
| 123 | 123 |
| 124 if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url)) | 124 if (!CrossSiteDocumentClassifier::IsBlockableScheme(response_url)) |
| 125 return nullptr; | 125 return nullptr; |
| 126 | 126 |
| 127 if (CrossSiteDocumentClassifier::IsSameSite(frame_origin, response_url)) | 127 // TODO(csharrison): Add a path for IsSameSite/IsValidCorsHeaderSet to take an |
| 128 // Origin. | |
|
ncarter (slow)
2016/12/08 21:39:49
Another option here is to delete this class, or en
Charlie Harrison
2016/12/08 21:57:33
I think once the CL I referenced lands, it will be
| |
| 129 GURL frame_origin_url = frame_origin.GetURL(); | |
| 130 if (CrossSiteDocumentClassifier::IsSameSite(frame_origin_url, response_url)) | |
| 128 return nullptr; | 131 return nullptr; |
| 129 | 132 |
| 130 CrossSiteDocumentMimeType canonical_mime_type = | 133 CrossSiteDocumentMimeType canonical_mime_type = |
| 131 CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type); | 134 CrossSiteDocumentClassifier::GetCanonicalMimeType(info.mime_type); |
| 132 | 135 |
| 133 if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS) | 136 if (canonical_mime_type == CROSS_SITE_DOCUMENT_MIME_TYPE_OTHERS) |
| 134 return nullptr; | 137 return nullptr; |
| 135 | 138 |
| 136 // Every CORS request should have the Access-Control-Allow-Origin header even | 139 // Every CORS request should have the Access-Control-Allow-Origin header even |
| 137 // if it is preceded by a pre-flight request. Therefore, if this is a CORS | 140 // if it is preceded by a pre-flight request. Therefore, if this is a CORS |
| 138 // request, it has this header. response.httpHeaderField() internally uses | 141 // request, it has this header. response.httpHeaderField() internally uses |
| 139 // case-insensitive matching for the header name. | 142 // case-insensitive matching for the header name. |
| 140 std::string access_control_origin; | 143 std::string access_control_origin; |
| 141 | 144 |
| 142 // We can use a case-insensitive header name for EnumerateHeader(). | 145 // We can use a case-insensitive header name for EnumerateHeader(). |
| 143 info.headers->EnumerateHeader(NULL, "access-control-allow-origin", | 146 info.headers->EnumerateHeader(NULL, "access-control-allow-origin", |
| 144 &access_control_origin); | 147 &access_control_origin); |
| 145 if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet( | 148 if (CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
| 146 frame_origin, response_url, access_control_origin)) | 149 frame_origin_url, response_url, access_control_origin)) |
| 147 return nullptr; | 150 return nullptr; |
| 148 | 151 |
| 149 // Real XSD data collection starts from here. | 152 // Real XSD data collection starts from here. |
| 150 std::string no_sniff; | 153 std::string no_sniff; |
| 151 info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff); | 154 info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff); |
| 152 | 155 |
| 153 std::unique_ptr<SiteIsolationResponseMetaData> resp_data( | 156 std::unique_ptr<SiteIsolationResponseMetaData> resp_data( |
| 154 new SiteIsolationResponseMetaData); | 157 new SiteIsolationResponseMetaData); |
| 155 resp_data->frame_origin = frame_origin.spec(); | 158 resp_data->frame_origin = frame_origin_url.spec(); |
| 156 resp_data->response_url = response_url; | 159 resp_data->response_url = response_url; |
| 157 resp_data->resource_type = resource_type; | 160 resp_data->resource_type = resource_type; |
| 158 resp_data->canonical_mime_type = canonical_mime_type; | 161 resp_data->canonical_mime_type = canonical_mime_type; |
| 159 resp_data->http_status_code = info.headers->response_code(); | 162 resp_data->http_status_code = info.headers->response_code(); |
| 160 resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff"); | 163 resp_data->no_sniff = base::LowerCaseEqualsASCII(no_sniff, "nosniff"); |
| 161 | 164 |
| 162 return resp_data; | 165 return resp_data; |
| 163 } | 166 } |
| 164 | 167 |
| 165 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk( | 168 bool SiteIsolationStatsGatherer::OnReceivedFirstChunk( |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 252 } | 255 } |
| 253 | 256 |
| 254 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) { | 257 bool SiteIsolationStatsGatherer::SniffForJS(base::StringPiece data) { |
| 255 // The purpose of this function is to try to see if there's any possibility | 258 // The purpose of this function is to try to see if there's any possibility |
| 256 // that this data can be JavaScript (superset of JS). Search for "var " for JS | 259 // that this data can be JavaScript (superset of JS). Search for "var " for JS |
| 257 // detection. This is a real hack and should only be used for stats gathering. | 260 // detection. This is a real hack and should only be used for stats gathering. |
| 258 return data.find("var ") != base::StringPiece::npos; | 261 return data.find("var ") != base::StringPiece::npos; |
| 259 } | 262 } |
| 260 | 263 |
| 261 } // namespace content | 264 } // namespace content |
| OLD | NEW |
