Make ResourceLoadObserver::logWebSocketLoading() handle websockets in detached frames
[WebKit-https.git] / Source / WebCore / loader / ResourceLoadObserver.cpp
1 /*
2  * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23  * THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #include "config.h"
27 #include "ResourceLoadObserver.h"
28
29 #include "DeprecatedGlobalSettings.h"
30 #include "Document.h"
31 #include "Frame.h"
32 #include "FrameLoader.h"
33 #include "HTMLFrameOwnerElement.h"
34 #include "Logging.h"
35 #include "Page.h"
36 #include "ResourceLoadStatistics.h"
37 #include "ResourceRequest.h"
38 #include "ResourceResponse.h"
39 #include "ScriptExecutionContext.h"
40 #include "SecurityOrigin.h"
41 #include "Settings.h"
42 #include "URL.h"
43
44 namespace WebCore {
45
46 template<typename T> static inline String primaryDomain(const T& value)
47 {
48     return ResourceLoadStatistics::primaryDomain(value);
49 }
50
51 static const Seconds minimumNotificationInterval { 5_s };
52
53 ResourceLoadObserver& ResourceLoadObserver::shared()
54 {
55     static NeverDestroyed<ResourceLoadObserver> resourceLoadObserver;
56     return resourceLoadObserver;
57 }
58
59 static bool shouldEnableSiteSpecificQuirks(Page* page)
60 {
61 #if PLATFORM(IOS)
62     UNUSED_PARAM(page);
63
64     // There is currently no way to toggle the needsSiteSpecificQuirks setting on iOS so we always enable
65     // the site-specific quirks on iOS.
66     return true;
67 #else
68     return page && page->settings().needsSiteSpecificQuirks();
69 #endif
70 }
71
72 static bool areDomainsAssociated(Page* page, const String& firstDomain, const String& secondDomain)
73 {
74     return ResourceLoadStatistics::areDomainsAssociated(shouldEnableSiteSpecificQuirks(page), firstDomain, secondDomain);
75 }
76
77 void ResourceLoadObserver::setNotificationCallback(WTF::Function<void (Vector<ResourceLoadStatistics>&&)>&& notificationCallback)
78 {
79     ASSERT(!m_notificationCallback);
80     m_notificationCallback = WTFMove(notificationCallback);
81 }
82
83 void ResourceLoadObserver::setRequestStorageAccessUnderOpenerCallback(WTF::Function<void(const String& domainInNeedOfStorageAccess, uint64_t openerPageID, const String& openerDomain, bool isTriggeredByUserGesture)>&& callback)
84 {
85     ASSERT(!m_requestStorageAccessUnderOpenerCallback);
86     m_requestStorageAccessUnderOpenerCallback = WTFMove(callback);
87 }
88
89 ResourceLoadObserver::ResourceLoadObserver()
90     : m_notificationTimer(*this, &ResourceLoadObserver::notifyObserver)
91 {
92 }
93
94 static inline bool is3xxRedirect(const ResourceResponse& response)
95 {
96     return response.httpStatusCode() >= 300 && response.httpStatusCode() <= 399;
97 }
98
99 bool ResourceLoadObserver::shouldLog(bool usesEphemeralSession) const
100 {
101     return DeprecatedGlobalSettings::resourceLoadStatisticsEnabled() && !usesEphemeralSession && m_notificationCallback;
102 }
103
104 void ResourceLoadObserver::logSubresourceLoading(const Frame* frame, const ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
105 {
106     ASSERT(frame->page());
107
108     auto* page = frame->page();
109     if (!shouldLog(page->usesEphemeralSession()))
110         return;
111
112     bool isRedirect = is3xxRedirect(redirectResponse);
113     const URL& sourceURL = redirectResponse.url();
114     const URL& targetURL = newRequest.url();
115     const URL& mainFrameURL = frame ? frame->mainFrame().document()->url() : URL();
116     
117     auto targetHost = targetURL.host();
118     auto mainFrameHost = mainFrameURL.host();
119
120     if (targetHost.isEmpty() || mainFrameHost.isEmpty() || targetHost == mainFrameHost || (isRedirect && targetHost == sourceURL.host()))
121         return;
122
123     auto targetPrimaryDomain = primaryDomain(targetURL);
124     auto mainFramePrimaryDomain = primaryDomain(mainFrameURL);
125     auto sourcePrimaryDomain = primaryDomain(sourceURL);
126     
127     if (areDomainsAssociated(page, targetPrimaryDomain, mainFramePrimaryDomain) || (isRedirect && areDomainsAssociated(page, targetPrimaryDomain, sourcePrimaryDomain)))
128         return;
129
130     bool shouldCallNotificationCallback = false;
131     {
132         auto& targetStatistics = ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
133         targetStatistics.lastSeen = ResourceLoadStatistics::reduceTimeResolution(WallTime::now());
134         if (targetStatistics.subresourceUnderTopFrameOrigins.add(mainFramePrimaryDomain).isNewEntry)
135             shouldCallNotificationCallback = true;
136     }
137
138     if (isRedirect) {
139         auto& redirectingOriginStatistics = ensureResourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
140         bool isNewRedirectToEntry = redirectingOriginStatistics.subresourceUniqueRedirectsTo.add(targetPrimaryDomain).isNewEntry;
141         auto& targetStatistics = ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
142         bool isNewRedirectFromEntry = targetStatistics.subresourceUniqueRedirectsFrom.add(sourcePrimaryDomain).isNewEntry;
143
144         if (isNewRedirectToEntry || isNewRedirectFromEntry)
145             shouldCallNotificationCallback = true;
146     }
147
148     if (shouldCallNotificationCallback)
149         scheduleNotificationIfNeeded();
150 }
151
152 void ResourceLoadObserver::logWebSocketLoading(const URL& targetURL, const URL& mainFrameURL, bool usesEphemeralSession)
153 {
154     if (!shouldLog(usesEphemeralSession))
155         return;
156
157     auto targetHost = targetURL.host();
158     auto mainFrameHost = mainFrameURL.host();
159     
160     if (targetHost.isEmpty() || mainFrameHost.isEmpty() || targetHost == mainFrameHost)
161         return;
162     
163     auto targetPrimaryDomain = primaryDomain(targetURL);
164     auto mainFramePrimaryDomain = primaryDomain(mainFrameURL);
165
166     auto& targetStatistics = ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
167     targetStatistics.lastSeen = ResourceLoadStatistics::reduceTimeResolution(WallTime::now());
168     if (targetStatistics.subresourceUnderTopFrameOrigins.add(mainFramePrimaryDomain).isNewEntry)
169         scheduleNotificationIfNeeded();
170 }
171
172 void ResourceLoadObserver::logUserInteractionWithReducedTimeResolution(const Document& document)
173 {
174     ASSERT(document.page());
175
176     if (!shouldLog(document.page()->usesEphemeralSession()))
177         return;
178
179     auto& url = document.url();
180     if (url.isBlankURL() || url.isEmpty())
181         return;
182
183     auto domain = primaryDomain(url);
184     auto newTime = ResourceLoadStatistics::reduceTimeResolution(WallTime::now());
185     auto lastReportedUserInteraction = m_lastReportedUserInteractionMap.get(domain);
186     if (newTime == lastReportedUserInteraction)
187         return;
188
189     m_lastReportedUserInteractionMap.set(domain, newTime);
190
191     auto& statistics = ensureResourceStatisticsForPrimaryDomain(domain);
192     statistics.hadUserInteraction = true;
193     statistics.lastSeen = newTime;
194     statistics.mostRecentUserInteractionTime = newTime;
195
196 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
197     if (auto* opener = document.frame()->loader().opener()) {
198         if (auto* openerDocument = opener->document()) {
199             if (auto* openerFrame = openerDocument->frame()) {
200                 if (auto openerPageID = openerFrame->loader().client().pageID()) {
201                     requestStorageAccessUnderOpener(domain, openerPageID.value(), *openerDocument, true);
202                 }
203             }
204         }
205     }
206 #endif
207
208     m_notificationTimer.stop();
209     notifyObserver();
210
211 #if HAVE(CFNETWORK_STORAGE_PARTITIONING) && !RELEASE_LOG_DISABLED
212     if (shouldLogUserInteraction()) {
213         auto counter = ++m_loggingCounter;
214 #define LOCAL_LOG(str, ...) \
215         RELEASE_LOG(ResourceLoadStatistics, "ResourceLoadObserver::logUserInteraction: counter = %" PRIu64 ": " str, counter, ##__VA_ARGS__)
216
217         auto escapeForJSON = [](String s) {
218             s.replace('\\', "\\\\").replace('"', "\\\"");
219             return s;
220         };
221         auto escapedURL = escapeForJSON(url.string());
222         auto escapedDomain = escapeForJSON(domain);
223
224         LOCAL_LOG(R"({ "url": "%{public}s",)", escapedURL.utf8().data());
225         LOCAL_LOG(R"(  "domain" : "%{public}s",)", escapedDomain.utf8().data());
226         LOCAL_LOG(R"(  "until" : %f })", newTime.secondsSinceEpoch().seconds());
227
228 #undef LOCAL_LOG
229     }
230 #endif
231 }
232
233 void ResourceLoadObserver::logWindowCreation(const URL& popupUrl, uint64_t openerPageID, Document& openerDocument)
234 {
235 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
236     requestStorageAccessUnderOpener(primaryDomain(popupUrl), openerPageID, openerDocument, false);
237 #else
238     UNUSED_PARAM(popupUrl);
239     UNUSED_PARAM(openerPageID);
240     UNUSED_PARAM(openerDocument);
241 #endif
242 }
243
244 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
245 void ResourceLoadObserver::requestStorageAccessUnderOpener(const String& domainInNeedOfStorageAccess, uint64_t openerPageID, Document& openerDocument, bool isTriggeredByUserGesture)
246 {
247     auto openerUrl = openerDocument.url();
248     auto openerPrimaryDomain = primaryDomain(openerUrl);
249     if (domainInNeedOfStorageAccess != openerPrimaryDomain
250         && !openerDocument.hasRequestedPageSpecificStorageAccessWithUserInteraction(domainInNeedOfStorageAccess)
251         && !equalIgnoringASCIICase(openerUrl.string(), blankURL())) {
252         m_requestStorageAccessUnderOpenerCallback(domainInNeedOfStorageAccess, openerPageID, openerPrimaryDomain, isTriggeredByUserGesture);
253         // Remember user interaction-based requests since they don't need to be repeated.
254         if (isTriggeredByUserGesture)
255             openerDocument.setHasRequestedPageSpecificStorageAccessWithUserInteraction(domainInNeedOfStorageAccess);
256     }
257 }
258 #endif
259
260 ResourceLoadStatistics& ResourceLoadObserver::ensureResourceStatisticsForPrimaryDomain(const String& primaryDomain)
261 {
262     auto addResult = m_resourceStatisticsMap.ensure(primaryDomain, [&primaryDomain] {
263         return ResourceLoadStatistics(primaryDomain);
264     });
265     return addResult.iterator->value;
266 }
267
268 void ResourceLoadObserver::scheduleNotificationIfNeeded()
269 {
270     ASSERT(m_notificationCallback);
271     if (m_resourceStatisticsMap.isEmpty()) {
272         m_notificationTimer.stop();
273         return;
274     }
275
276     if (!m_notificationTimer.isActive())
277         m_notificationTimer.startOneShot(minimumNotificationInterval);
278 }
279
280 void ResourceLoadObserver::notifyObserver()
281 {
282     ASSERT(m_notificationCallback);
283     m_notificationTimer.stop();
284     m_notificationCallback(takeStatistics());
285 }
286
287 String ResourceLoadObserver::statisticsForOrigin(const String& origin)
288 {
289     auto iter = m_resourceStatisticsMap.find(origin);
290     if (iter == m_resourceStatisticsMap.end())
291         return emptyString();
292
293     return "Statistics for " + origin + ":\n" + iter->value.toString();
294 }
295
296 Vector<ResourceLoadStatistics> ResourceLoadObserver::takeStatistics()
297 {
298     Vector<ResourceLoadStatistics> statistics;
299     statistics.reserveInitialCapacity(m_resourceStatisticsMap.size());
300     for (auto& statistic : m_resourceStatisticsMap.values())
301         statistics.uncheckedAppend(WTFMove(statistic));
302
303     m_resourceStatisticsMap.clear();
304
305     return statistics;
306 }
307
308 void ResourceLoadObserver::clearState()
309 {
310     m_notificationTimer.stop();
311     m_resourceStatisticsMap.clear();
312     m_lastReportedUserInteractionMap.clear();
313 }
314
315 URL ResourceLoadObserver::nonNullOwnerURL(const Document& document) const
316 {
317     auto url = document.url();
318     auto* frame = document.frame();
319     auto host = document.url().host();
320
321     while ((host.isNull() || host.isEmpty()) && frame && !frame->isMainFrame()) {
322         auto* ownerElement = frame->ownerElement();
323
324         ASSERT(ownerElement != nullptr);
325         
326         auto& doc = ownerElement->document();
327         frame = doc.frame();
328         url = doc.url();
329         host = url.host();
330     }
331
332     return url;
333 }
334
335 } // namespace WebCore