Introduce and add plumbing for a website policy for meta viewport tag handling
[WebKit-https.git] / Source / WebCore / loader / ResourceTiming.cpp
1 /*
2  * Copyright (C) 2017 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23  * THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #include "config.h"
27 #include "ResourceTiming.h"
28
29 #include "CachedResource.h"
30 #include "PerformanceServerTiming.h"
31 #include "RuntimeEnabledFeatures.h"
32 #include "SecurityOrigin.h"
33 #include "ServerTimingParser.h"
34 #include <wtf/CrossThreadCopier.h>
35
36 namespace WebCore {
37
38 static bool passesTimingAllowCheck(const ResourceResponse& response, const SecurityOrigin& initiatorSecurityOrigin)
39 {
40     Ref<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url());
41     if (resourceOrigin->isSameSchemeHostPort(initiatorSecurityOrigin))
42         return true;
43
44     const String& timingAllowOriginString = response.httpHeaderField(HTTPHeaderName::TimingAllowOrigin);
45     if (timingAllowOriginString.isEmpty() || equalLettersIgnoringASCIICase(timingAllowOriginString, "null"))
46         return false;
47
48     if (timingAllowOriginString == "*")
49         return true;
50
51     const String& securityOrigin = initiatorSecurityOrigin.toString();
52     for (auto& origin : timingAllowOriginString.split(',')) {
53         if (origin.stripWhiteSpace() == securityOrigin)
54             return true;
55     }
56
57     return false;
58 }
59
60 ResourceTiming ResourceTiming::fromCache(const URL& url, const String& initiator, const LoadTiming& loadTiming, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
61 {
62     return ResourceTiming(url, initiator, loadTiming, response, securityOrigin);
63 }
64
65 ResourceTiming ResourceTiming::fromLoad(CachedResource& resource, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const SecurityOrigin& securityOrigin)
66 {
67     return ResourceTiming(resource, initiator, loadTiming, networkLoadMetrics, securityOrigin);
68 }
69
70 ResourceTiming ResourceTiming::fromSynchronousLoad(const URL& url, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
71 {
72     return ResourceTiming(url, initiator, loadTiming, networkLoadMetrics, response, securityOrigin);
73 }
74
75 ResourceTiming::ResourceTiming(const URL& url, const String& initiator, const LoadTiming& loadTiming, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
76     : m_url(url)
77     , m_initiator(initiator)
78     , m_loadTiming(loadTiming)
79     , m_allowTimingDetails(passesTimingAllowCheck(response, securityOrigin))
80 {
81     initServerTiming(response);
82 }
83
84 ResourceTiming::ResourceTiming(CachedResource& resource, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const SecurityOrigin& securityOrigin)
85     : m_url(resource.resourceRequest().url())
86     , m_initiator(initiator)
87     , m_loadTiming(loadTiming)
88     , m_networkLoadMetrics(networkLoadMetrics)
89     , m_allowTimingDetails(passesTimingAllowCheck(resource.response(), securityOrigin))
90 {
91     initServerTiming(resource.response());
92 }
93
94 ResourceTiming::ResourceTiming(const URL& url, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
95     : m_url(url)
96     , m_initiator(initiator)
97     , m_loadTiming(loadTiming)
98     , m_networkLoadMetrics(networkLoadMetrics)
99     , m_allowTimingDetails(passesTimingAllowCheck(response, securityOrigin))
100 {
101     initServerTiming(response);
102 }
103
104 void ResourceTiming::initServerTiming(const ResourceResponse& response)
105 {
106     if (RuntimeEnabledFeatures::sharedFeatures().serverTimingEnabled() && m_allowTimingDetails)
107         m_serverTiming = ServerTimingParser::parseServerTiming(response.httpHeaderField(HTTPHeaderName::ServerTiming));
108 }
109
110 Vector<Ref<PerformanceServerTiming>> ResourceTiming::populateServerTiming()
111 {
112     return WTF::map(m_serverTiming, [] (auto& entry) {
113         return PerformanceServerTiming::create(WTFMove(entry.name), entry.duration, WTFMove(entry.description));
114     });
115 }
116
117 ResourceTiming ResourceTiming::isolatedCopy() const
118 {
119     return ResourceTiming(m_url.isolatedCopy(), m_initiator.isolatedCopy(), m_loadTiming.isolatedCopy(), m_networkLoadMetrics.isolatedCopy(), m_allowTimingDetails, crossThreadCopy(m_serverTiming));
120 }
121
122 } // namespace WebCore