Initial implementation of Chrome-Freshness header.

net/http/http_cache_transaction.cc

Index: net/http/http_cache_transaction.cc
diff --git a/net/http/http_cache_transaction.cc b/net/http/http_cache_transaction.cc
index aba792330bf4dcf92e78deeb88ff44ff88fc663f..b827bb085caf15ffe0fce6a337ba553ec3c284c8 100644
--- a/net/http/http_cache_transaction.cc
+++ b/net/http/http_cache_transaction.cc
@@ -15,13 +15,16 @@
 
 #include "base/bind.h"
 #include "base/compiler_specific.h"
+#include "base/format_macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/rand_util.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
@@ -48,6 +51,9 @@ using base::TimeTicks;
 
 namespace {
 
+// TODO(ricea): Move this to HttpResponseHeaders once it is standardised.
+static const char kFreshnessHeader[] = "Chrome-Freshness";

[rvargas (doing something else), 2014/07/24 00:54:06]

Shouldn't we use some other prefix that states more clearly that this is
private/experimental/not part of any standard? X-?

In fact, while there was a discussion about supporting stale-while-revalidate, I
don't think I've seen any official talk about the new header (I'm well aware of
its value for server-side measurements). Given that this is not part of any
standard, should there be something posted somewhere around the open web
platform? (I don't follow those lists so I don't know if that happened already,
or what is our policy about starting to send random headers from Chrome).

Which reminds me that this code should go directly into builds of other browsers
than Chrome...

[Adam Rice, 2014/07/28 11:11:13]

Okay, I've changed to "Chromium-Resource-Freshness" for now.

+
 // Stores data relevant to the statistics of writing and reading entire
 // certificate chains using DiskBasedCertCache. |num_pending_ops| is the number
 // of certificates in the chain that have pending operations in the
@@ -232,6 +238,37 @@ void RecordNoStoreHeaderHistogram(int load_flags,
   }
 }
 
+// TODO(ricea): Move this to a more appropriate home. Also, this is closely

[rvargas (doing something else), 2014/07/24 00:54:06]

I think we should move this to http_response_headers with this cl.

[Adam Rice, 2014/07/28 11:11:13]

Done.

+// based on HttpResponseHeaders::GetMaxAgeValue so they should probably share
+// implementation.
+bool GetStaleWhileRevalidateValue(const net::HttpResponseHeaders& headers,
+                                  TimeDelta* result) {
+  const std::string name = "cache-control";

[rvargas (doing something else), 2014/07/24 00:54:06]

nit: remove const and use constructor initialization instead of assignment.

[Adam Rice, 2014/07/28 11:11:13]

Done.

+  std::string value;
+
+  const char kStaleWhileRevalidatePrefix[] = "stale-while-revalidate=";
+  const size_t kStaleWhileRevalidatePrefixLen =
+      arraysize(kStaleWhileRevalidatePrefix) - 1;
+
+  void* iter = NULL;
+  while (headers.EnumerateHeader(&iter, name, &value)) {
+    if (value.size() > kStaleWhileRevalidatePrefixLen &&
+        LowerCaseEqualsASCII(value.begin(),
+                             value.begin() + kStaleWhileRevalidatePrefixLen,
+                             kStaleWhileRevalidatePrefix)) {
+      int64 seconds = 0;
+      const base::StringPiece parameter = base::StringPiece(
+          value.begin() + kStaleWhileRevalidatePrefixLen, value.end());
+      if (!base::StringToInt64(parameter, &seconds) || seconds < 0)
+        continue;
+      *result = TimeDelta::FromSeconds(seconds);
+      return true;
+    }
+  }
+
+  return false;
+}
+
 }  // namespace
 
 namespace net {
@@ -2257,6 +2294,29 @@ bool HttpCache::Transaction::ConditionalizeRequest() {
   bool use_if_range = partial_.get() && !partial_->IsCurrentRangeCached() &&
                       !invalid_range_;
 
+  if (!use_if_range && request_->privacy_mode != PRIVACY_MODE_ENABLED) {
+    // stale-while-revalidate is not useful when we only have a partial response
+    // cached, so don't set the header in that case.
+    // Also don't send the header when privacy mode is enabled, to avoid
+    // accidentally fingerprinting the user.
+    base::TimeDelta stale_while_revalidate;
+    if (GetStaleWhileRevalidateValue(*response_.headers,
+                                     &stale_while_revalidate)) {
+      base::TimeDelta max_age =
+          response_.headers->GetFreshnessLifetime(response_.response_time);
+      base::TimeDelta current_age = response_.headers->GetCurrentAge(
+          response_.request_time, response_.response_time, Time::Now());
+
+      custom_request_->extra_headers.SetHeader(

[rvargas (doing something else), 2014/07/24 00:54:06]

We should probably send the header only when stale_while_revalidate is > max_age
(and > 0, which allows better code reuse).

[Adam Rice, 2014/07/28 11:11:13]

I think this would probably make analysis too difficult. There are lots of
reasons why the request might not include the Freshness header, including:

* A proxy stripped it
* A proxy stripped stale-while-revalidate from the original response
* The browser isn't really Chrome
* This revalidation is coming from a cache in the middle, and not from Chrome
itself
* This browser isn't in the experiment group we're sending
stale-while-revalidate too

I could be mistaken, but I think the only way to do a sound analysis is is to
exclude all responses that don't have the Freshness header.

+          kFreshnessHeader,
+          base::StringPrintf("max-age=%" PRId64
+                             ",stale-while-revalidate=%" PRId64 ",age=%" PRId64,
+                             max_age.InSeconds(),
+                             stale_while_revalidate.InSeconds(),
+                             current_age.InSeconds()));
+    }
+  }
+
   if (!etag_value.empty()) {
     if (use_if_range) {
       // We don't want to switch to WRITE mode if we don't have this block of a