Diffstat (limited to 'chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc')
-rw-r--r--chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc44
1 files changed, 38 insertions, 6 deletions
diff --git a/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc b/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc
index 909fd4100a8..d0934bef6dc 100644
--- a/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc
+++ b/chromium/third_party/blink/renderer/core/timing/performance_navigation_timing.cc
@@ -13,23 +13,54 @@
#include "third_party/blink/renderer/core/performance_entry_names.h"
#include "third_party/blink/renderer/core/timing/performance.h"
#include "third_party/blink/renderer/platform/loader/fetch/resource_timing_info.h"
+#include "third_party/blink/renderer/platform/weborigin/kurl.h"
namespace blink {
+namespace {
+
+bool PassesSameOriginCheck(const ResourceResponse& response,
+ const SecurityOrigin& initiator_security_origin) {
+ const KURL& response_url = response.ResponseUrl();
+ scoped_refptr<const SecurityOrigin> resource_origin =
+ SecurityOrigin::Create(response_url);
+ return resource_origin->IsSameSchemeHostPort(&initiator_security_origin);
+}
+
+bool AllowNavigationTimingRedirect(
+ const Vector<ResourceResponse>& redirect_chain,
+ const ResourceResponse& final_response,
+ const SecurityOrigin& initiator_security_origin) {
+ if (!PassesSameOriginCheck(final_response, initiator_security_origin)) {
+ return false;
+ }
+
+ for (const ResourceResponse& response : redirect_chain) {
+ if (!PassesSameOriginCheck(response, initiator_security_origin))
+ return false;
+ }
+
+ return true;
+}
+
+} // namespace
+
PerformanceNavigationTiming::PerformanceNavigationTiming(
LocalFrame* frame,
ResourceTimingInfo* info,
- TimeTicks time_origin,
+ base::TimeTicks time_origin,
const WebVector<WebServerTimingInfo>& server_timing)
: PerformanceResourceTiming(
info ? AtomicString(
info->FinalResponse().CurrentRequestUrl().GetString())
: g_empty_atom,
time_origin,
+ SecurityOrigin::IsSecure(frame->GetDocument()->Url()),
server_timing),
ContextClient(frame),
resource_timing_info_(info) {
DCHECK(frame);
+ DCHECK(frame->GetDocument());
DCHECK(info);
}
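Review bot: The added initializer argument `SecurityOrigin::IsSecure(frame->GetDocument()->Url())` dereferences `frame` and its document before the body's `DCHECK(frame)` and the new `DCHECK(frame->GetDocument())` run, so those checks cannot guard it. DCHECKs are also normally compiled out of release builds, where a null frame or document would crash during construction. If either pointer can be null at this call site, guard the expression itself, e.g. `frame && frame->GetDocument() && SecurityOrigin::IsSecure(frame->GetDocument()->Url())`, which passes false when the document is missing. If callers guarantee both pointers, a one-line comment above the constructor stating that precondition would make the ordering less surprising.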
@@ -119,17 +150,18 @@ AtomicString PerformanceNavigationTiming::initiatorType() const {
}
bool PerformanceNavigationTiming::GetAllowRedirectDetails() const {
- ExecutionContext* context = GetFrame() ? GetFrame()->GetDocument() : nullptr;
- const SecurityOrigin* security_origin = nullptr;
+ blink::ExecutionContext* context =
+ GetFrame() ? GetFrame()->GetDocument() : nullptr;
+ const blink::SecurityOrigin* security_origin = nullptr;
if (context)
security_origin = context->GetSecurityOrigin();
if (!security_origin)
return false;
// TODO(sunjian): Think about how to make this flag deterministic.
// crbug/693183.
- return Performance::AllowsTimingRedirect(
- resource_timing_info_->RedirectChain(),
- resource_timing_info_->FinalResponse(), *security_origin, context);
+ return AllowNavigationTimingRedirect(resource_timing_info_->RedirectChain(),
+ resource_timing_info_->FinalResponse(),
+ *security_origin);
}
AtomicString PerformanceNavigationTiming::AlpnNegotiatedProtocol() const {
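Review bot: `GetAllowRedirectDetails()` dereferences `resource_timing_info_` unconditionally in the new `AllowNavigationTimingRedirect(...)` call, while the constructor's initializer list treats `info` as possibly null (`info ? ... : g_empty_atom`) and only DCHECKs it afterwards. Since this function decides whether redirect details are exposed to the page, it should fail closed like the `security_origin` path above it: `if (!resource_timing_info_) return false;`. A short comment on the return, such as `// Redirect details are exposed only if the final response and every redirect are same-origin with the document.`, would record what the file-local helper enforces now that the call no longer goes through `Performance::AllowsTimingRedirect`. The added `blink::` qualifiers on `ExecutionContext` and `SecurityOrigin` look redundant, since the file already opens `namespace blink`.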