1/*
2 * Copyright (C) 2017 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23 * THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "ResourceTiming.h"
28
29#include "CachedResource.h"
30#include "PerformanceServerTiming.h"
31#include "RuntimeEnabledFeatures.h"
32#include "SecurityOrigin.h"
33#include "ServerTimingParser.h"
34#include <wtf/CrossThreadCopier.h>
35
36namespace WebCore {
37
38static bool passesTimingAllowCheck(const ResourceResponse& response, const SecurityOrigin& initiatorSecurityOrigin)
39{
40 Ref<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url());
41 if (resourceOrigin->isSameSchemeHostPort(initiatorSecurityOrigin))
42 return true;
43
44 const String& timingAllowOriginString = response.httpHeaderField(HTTPHeaderName::TimingAllowOrigin);
45 if (timingAllowOriginString.isEmpty() || equalLettersIgnoringASCIICase(timingAllowOriginString, "null"))
46 return false;
47
48 if (timingAllowOriginString == "*")
49 return true;
50
51 const String& securityOrigin = initiatorSecurityOrigin.toString();
52 for (auto& origin : timingAllowOriginString.split(',')) {
53 if (origin.stripWhiteSpace() == securityOrigin)
54 return true;
55 }
56
57 return false;
58}
59
60ResourceTiming ResourceTiming::fromCache(const URL& url, const String& initiator, const LoadTiming& loadTiming, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
61{
62 return ResourceTiming(url, initiator, loadTiming, response, securityOrigin);
63}
64
65ResourceTiming ResourceTiming::fromLoad(CachedResource& resource, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const SecurityOrigin& securityOrigin)
66{
67 return ResourceTiming(resource, initiator, loadTiming, networkLoadMetrics, securityOrigin);
68}
69
70ResourceTiming ResourceTiming::fromSynchronousLoad(const URL& url, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
71{
72 return ResourceTiming(url, initiator, loadTiming, networkLoadMetrics, response, securityOrigin);
73}
74
75ResourceTiming::ResourceTiming(const URL& url, const String& initiator, const LoadTiming& loadTiming, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
76 : m_url(url)
77 , m_initiator(initiator)
78 , m_loadTiming(loadTiming)
79 , m_allowTimingDetails(passesTimingAllowCheck(response, securityOrigin))
80{
81 initServerTiming(response);
82}
83
84ResourceTiming::ResourceTiming(CachedResource& resource, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const SecurityOrigin& securityOrigin)
85 : m_url(resource.resourceRequest().url())
86 , m_initiator(initiator)
87 , m_loadTiming(loadTiming)
88 , m_networkLoadMetrics(networkLoadMetrics)
89 , m_allowTimingDetails(passesTimingAllowCheck(resource.response(), securityOrigin))
90{
91 initServerTiming(resource.response());
92}
93
94ResourceTiming::ResourceTiming(const URL& url, const String& initiator, const LoadTiming& loadTiming, const NetworkLoadMetrics& networkLoadMetrics, const ResourceResponse& response, const SecurityOrigin& securityOrigin)
95 : m_url(url)
96 , m_initiator(initiator)
97 , m_loadTiming(loadTiming)
98 , m_networkLoadMetrics(networkLoadMetrics)
99 , m_allowTimingDetails(passesTimingAllowCheck(response, securityOrigin))
100{
101 initServerTiming(response);
102}
103
104void ResourceTiming::initServerTiming(const ResourceResponse& response)
105{
106 if (RuntimeEnabledFeatures::sharedFeatures().serverTimingEnabled() && m_allowTimingDetails)
107 m_serverTiming = ServerTimingParser::parseServerTiming(response.httpHeaderField(HTTPHeaderName::ServerTiming));
108}
109
110Vector<Ref<PerformanceServerTiming>> ResourceTiming::populateServerTiming()
111{
112 return WTF::map(m_serverTiming, [] (auto& entry) {
113 return PerformanceServerTiming::create(WTFMove(entry.name), entry.duration, WTFMove(entry.description));
114 });
115}
116
117ResourceTiming ResourceTiming::isolatedCopy() const
118{
119 return ResourceTiming(m_url.isolatedCopy(), m_initiator.isolatedCopy(), m_loadTiming.isolatedCopy(), m_networkLoadMetrics.isolatedCopy(), m_allowTimingDetails, crossThreadCopy(m_serverTiming));
120}
121
122} // namespace WebCore
123