Diffstat (limited to 'chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc | 44 |
1 files changed, 38 insertions, 6 deletions
diff --git a/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc b/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc
index 909fd4100a8..d0934bef6dc 100644
--- a/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc
+++ b/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc
@@ -13,23 +13,54 @@ #include "third_party/blink/renderer/core/performance_entry_names.h" #include "third_party/blink/renderer/core/timing/performance.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_timing_info.h" +#include "third_party/blink/renderer/platform/weborigin/kurl.h" namespace blink { +namespace { + +bool PassesSameOriginCheck(const ResourceResponse& response, + const SecurityOrigin& initiator_security_origin) { + const KURL& response_url = response.ResponseUrl(); + scoped_refptr<const SecurityOrigin> resource_origin = + SecurityOrigin::Create(response_url); + return resource_origin->IsSameSchemeHostPort(&initiator_security_origin); +} + +bool AllowNavigationTimingRedirect( + const Vector<ResourceResponse>& redirect_chain, + const ResourceResponse& final_response, + const SecurityOrigin& initiator_security_origin) { + if (!PassesSameOriginCheck(final_response, initiator_security_origin)) { + return false; + } + + for (const ResourceResponse& response : redirect_chain) { + if (!PassesSameOriginCheck(response, initiator_security_origin)) + return false; + } + + return true; +} + +} // namespace + PerformanceNavigationTiming::PerformanceNavigationTiming( LocalFrame* frame, ResourceTimingInfo* info, - TimeTicks time_origin, + base::TimeTicks time_origin, const WebVector<WebServerTimingInfo>& server_timing) : PerformanceResourceTiming( info ? AtomicString( info->FinalResponse().CurrentRequestUrl().GetString()) : g_empty_atom, time_origin, + SecurityOrigin::IsSecure(frame->GetDocument()->Url()), server_timing), ContextClient(frame), resource_timing_info_(info) { DCHECK(frame); + DCHECK(frame->GetDocument()); DCHECK(info); } 
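Review bot: In the constructor, `SecurityOrigin::IsSecure(frame->GetDocument()->Url())` sits in the base-class initializer, so `frame` and its document are dereferenced before the `DCHECK(frame)` and the new `DCHECK(frame->GetDocument())` in the body are reached. The checks therefore cannot catch the case they describe, and DCHECKs are normally compiled out of release builds anyway. If a detached frame or a missing document is possible on this path, compute the flag through a small helper that tolerates null. Otherwise state the precondition where it is relied on, for example `// |frame| and its document must be non-null: both are dereferenced in the initializer list.` The neighbouring `info ? ... : g_empty_atom` shows that a null `info` was at least considered, which makes the unguarded `frame` access stand out.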
@@ -119,17 +150,18 @@ AtomicString PerformanceNavigationTiming::initiatorType() const { } bool PerformanceNavigationTiming::GetAllowRedirectDetails() const { - ExecutionContext* context = GetFrame() ? GetFrame()->GetDocument() : nullptr; - const SecurityOrigin* security_origin = nullptr; + blink::ExecutionContext* context = + GetFrame() ? GetFrame()->GetDocument() : nullptr; + const blink::SecurityOrigin* security_origin = nullptr; if (context) security_origin = context->GetSecurityOrigin(); if (!security_origin) return false; // TODO(sunjian): Think about how to make this flag deterministic. // crbug/693183. - return Performance::AllowsTimingRedirect( - resource_timing_info_->RedirectChain(), - resource_timing_info_->FinalResponse(), *security_origin, context); + return AllowNavigationTimingRedirect(resource_timing_info_->RedirectChain(), + resource_timing_info_->FinalResponse(), + *security_origin); } AtomicString PerformanceNavigationTiming::AlpnNegotiatedProtocol() const { |
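Review bot: The call in `GetAllowRedirectDetails()` now goes to the file-local `AllowNavigationTimingRedirect` and no longer passes `context`, but nothing at the call site says why navigation timing stops using the shared `Performance::AllowsTimingRedirect`. If the intent is that redirect details are exposed only when every hop and the final response are same-origin with the document, with no Timing-Allow-Origin opt-in, say so, for example `// Redirect details are exposed only if the whole chain is same-origin with the document; do not switch back to the shared Performance helper.` The retained TODO about making the flag deterministic should also state whether it still applies to the new check. Separately, the added `blink::` qualifiers on `ExecutionContext` and `SecurityOrigin` look redundant if this definition is still inside `namespace blink`, as the first hunk suggests.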