Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(109)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/timing/Performance.cpp

Issue 271083002: Resource Timing: Use original Timing-Allow-Origin for cache validating (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/core/timing/ResourceTimingInfo.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Google Inc. All rights reserved. 2 * Copyright (C) 2010 Google Inc. All rights reserved.
3 * Copyright (C) 2012 Intel Inc. All rights reserved. 3 * Copyright (C) 2012 Intel Inc. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after
150 m_resourceTimingBuffer.clear(); 150 m_resourceTimingBuffer.clear();
151 } 151 }
152 152
153 void Performance::webkitSetResourceTimingBufferSize(unsigned size) 153 void Performance::webkitSetResourceTimingBufferSize(unsigned size)
154 { 154 {
155 m_resourceTimingBufferSize = size; 155 m_resourceTimingBufferSize = size;
156 if (isResourceTimingBufferFull()) 156 if (isResourceTimingBufferFull())
157 dispatchEvent(Event::create(EventTypeNames::webkitresourcetimingbufferfu ll)); 157 dispatchEvent(Event::create(EventTypeNames::webkitresourcetimingbufferfu ll));
158 } 158 }
159 159
160 static bool passesTimingAllowCheck(const ResourceResponse& response, Document* r equestingDocument) 160 static bool passesTimingAllowCheck(const ResourceResponse& response, Document* r equestingDocument, const AtomicString& originalTimingAllowOrigin)
161 { 161 {
162 AtomicallyInitializedStatic(AtomicString&, timingAllowOrigin = *new AtomicSt ring("timing-allow-origin")); 162 AtomicallyInitializedStatic(AtomicString&, timingAllowOrigin = *new AtomicSt ring("timing-allow-origin"));
163 163
164 RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url( )); 164 RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url( ));
165 if (resourceOrigin->isSameSchemeHostPort(requestingDocument->securityOrigin( ))) 165 if (resourceOrigin->isSameSchemeHostPort(requestingDocument->securityOrigin( )))
166 return true; 166 return true;
167 167
168 const AtomicString& timingAllowOriginString = response.httpHeaderField(timin gAllowOrigin); 168 const AtomicString& timingAllowOriginString = originalTimingAllowOrigin.isEm pty() ? response.httpHeaderField(timingAllowOrigin) : originalTimingAllowOrigin;
169 if (timingAllowOriginString.isEmpty() || equalIgnoringCase(timingAllowOrigin String, "null")) 169 if (timingAllowOriginString.isEmpty() || equalIgnoringCase(timingAllowOrigin String, "null"))
170 return false; 170 return false;
171 171
172 if (timingAllowOriginString == starAtom) 172 if (timingAllowOriginString == starAtom)
173 return true; 173 return true;
174 174
175 const String& securityOrigin = requestingDocument->securityOrigin()->toStrin g(); 175 const String& securityOrigin = requestingDocument->securityOrigin()->toStrin g();
176 Vector<String> timingAllowOrigins; 176 Vector<String> timingAllowOrigins;
177 timingAllowOriginString.string().split(" ", timingAllowOrigins); 177 timingAllowOriginString.string().split(" ", timingAllowOrigins);
178 for (size_t i = 0; i < timingAllowOrigins.size(); ++i) { 178 for (size_t i = 0; i < timingAllowOrigins.size(); ++i) {
179 if (timingAllowOrigins[i] == securityOrigin) 179 if (timingAllowOrigins[i] == securityOrigin)
180 return true; 180 return true;
181 } 181 }
182 182
183 return false; 183 return false;
184 } 184 }
185 185
186 static bool allowsTimingRedirect(const Vector<ResourceResponse>& redirectChain, const ResourceResponse& finalResponse, Document* initiatorDocument) 186 static bool allowsTimingRedirect(const Vector<ResourceResponse>& redirectChain, const ResourceResponse& finalResponse, Document* initiatorDocument)
187 { 187 {
188 if (!passesTimingAllowCheck(finalResponse, initiatorDocument)) 188 if (!passesTimingAllowCheck(finalResponse, initiatorDocument, emptyAtom))
189 return false; 189 return false;
190 190
191 for (size_t i = 0; i < redirectChain.size(); i++) { 191 for (size_t i = 0; i < redirectChain.size(); i++) {
192 if (!passesTimingAllowCheck(redirectChain[i], initiatorDocument)) 192 if (!passesTimingAllowCheck(redirectChain[i], initiatorDocument, emptyAt om))
193 return false; 193 return false;
194 } 194 }
195 195
196 return true; 196 return true;
197 } 197 }
198 198
199 void Performance::addResourceTiming(const ResourceTimingInfo& info, Document* in itiatorDocument) 199 void Performance::addResourceTiming(const ResourceTimingInfo& info, Document* in itiatorDocument)
200 { 200 {
201 if (isResourceTimingBufferFull()) 201 if (isResourceTimingBufferFull())
202 return; 202 return;
203 203
204 const ResourceResponse& finalResponse = info.finalResponse(); 204 const ResourceResponse& finalResponse = info.finalResponse();
205 bool allowTimingDetails = passesTimingAllowCheck(finalResponse, initiatorDoc ument); 205 bool allowTimingDetails = passesTimingAllowCheck(finalResponse, initiatorDoc ument, info.originalTimingAllowOrigin());
206 double startTime = info.initialTime(); 206 double startTime = info.initialTime();
207 207
208 if (info.redirectChain().isEmpty()) { 208 if (info.redirectChain().isEmpty()) {
209 RefPtrWillBeRawPtr<PerformanceEntry> entry = PerformanceResourceTiming:: create(info, initiatorDocument, startTime, allowTimingDetails); 209 RefPtrWillBeRawPtr<PerformanceEntry> entry = PerformanceResourceTiming:: create(info, initiatorDocument, startTime, allowTimingDetails);
210 addResourceTimingBuffer(entry); 210 addResourceTimingBuffer(entry);
211 return; 211 return;
212 } 212 }
213 213
214 const Vector<ResourceResponse>& redirectChain = info.redirectChain(); 214 const Vector<ResourceResponse>& redirectChain = info.redirectChain();
215 bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalRespons e, initiatorDocument); 215 bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalRespons e, initiatorDocument);
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
277 277
278 void Performance::trace(Visitor* visitor) 278 void Performance::trace(Visitor* visitor)
279 { 279 {
280 visitor->trace(m_navigation); 280 visitor->trace(m_navigation);
281 visitor->trace(m_timing); 281 visitor->trace(m_timing);
282 visitor->trace(m_resourceTimingBuffer); 282 visitor->trace(m_resourceTimingBuffer);
283 visitor->trace(m_userTiming); 283 visitor->trace(m_userTiming);
284 } 284 }
285 285
286 } // namespace WebCore 286 } // namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/core/timing/ResourceTimingInfo.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698