Source/WebCore: [Resource Timing] implementation of cross origin resouce timing restrictions.

https://bugs.webkit.org/show_bug.cgi?id=84886.

Patch by Pan Deng <pan.deng@intel.com> on 2012-12-02
Reviewed by Tony Gentilcore.

This patch implemented resource timing behaviors of cross origin. By default, detailed timing info is hided in cross origin resource timing, only startTime, duration, fetchStart and responseEnd can be observed. Exceptions are, server side allow its origin can be timing by another through a header with "timing-allow-origin" field.

Tests: http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_cross_origin_resource_request.html
       http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_timing_allow_cross_origin_resource_request.html

* page/Performance.cpp:
(WebCore::passesTimingAllowCheck):
(WebCore):
(WebCore::Performance::addResourceTiming):
* page/Performance.h:
(WebCore):
(Performance):
* page/PerformanceResourceTiming.cpp:
(WebCore):
* page/PerformanceResourceTiming.h:
(WebCore::PerformanceResourceTiming::create):
(PerformanceResourceTiming):

LayoutTests: [Resource Timing]Test cases of cross origin resource timing.
https://bugs.webkit.org/show_bug.cgi?id=84886.

Patch by Pan Deng <pan.deng@intel.com> on 2012-12-02
Reviewed by Tony Gentilcore.

Test cases in this patch validate resource timing behavior when cross origin request with/without "allow-timing-origin" response header.

* http/tests/w3c/webperf/resources/blank_page_green_with_allow_timing.php: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_cross_origin_resource_request-expected.txt: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_cross_origin_resource_request.html: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_timing_allow_cross_origin_resource_request-expected.txt: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_timing_allow_cross_origin_resource_request.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136329 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent f0dfc63c
2012-12-02 Pan Deng <pan.deng@intel.com>
[Resource Timing]Test cases of cross origin resource timing.
https://bugs.webkit.org/show_bug.cgi?id=84886.
Reviewed by Tony Gentilcore.
Test cases in this patch validate resource timing behavior when cross origin request with/without "allow-timing-origin" response header.
* http/tests/w3c/webperf/resources/blank_page_green_with_allow_timing.php: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_cross_origin_resource_request-expected.txt: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_cross_origin_resource_request.html: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_timing_allow_cross_origin_resource_request-expected.txt: Added.
* http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_timing_allow_cross_origin_resource_request.html: Added.
2012-12-02 Justin Novosad <junov@google.com>
Fix occlusion culling logic to handle css background layer clipping
<!DOCTYPE HTML>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Green Test Page</title>
<?php
$origin = $_GET["origin"] ? $_GET["origin"] : "";
header("timing-allow-origin: $origin");
?>
</head>
<body style="background-color:#00FF00;">
<h1>Placeholder</h1>
</body>
</html>
Description
This test validates the values in resource timing for a cross-origin resource request.
PASS Starting document.location.hostname is correct (127.0.0.1:8000)
PASS redirectStart should be 0 in cross-origin request!
PASS redirectEnd should be 0 in cross-origin request!
PASS domainLookupStart should be 0 in cross-origin request!
PASS domainLookupEnd should be 0 in cross-origin request!
PASS connectStart should be 0 in cross-origin request!
PASS connectEnd should be 0 in cross-origin request!
PASS requestStart should be 0 in cross-origin request!
PASS responseStart should be 0 in cross-origin request!
PASS secureConnectionStart should be 0 in cross-origin request!
PASS fetchStart should be greater than 0 in cross-origin request!
PASS responseEnd should be greater than 0 in cross-origin request!
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8" />
<title>resource timing information for cross-origin resource request</title>
<link rel="author" title="Intel" href="http://www.intel.com/" />
<link rel="help" href="http://www.w3.org/TR/resource-timing/#performanceresourcetiming"/>
<script src="/w3c/resources/testharness.js"></script>
<script src="/w3c/resources/testharnessreport.js"></script>
<script src="/w3c/webperf/resources/webperftestharness.js"></script>
<script src="/w3c/webperf/resources/webperftestharnessextension.js"></script>
<script>
setup({explicit_done: true});
var pageOrigin = "127.0.0.1:8000";
var crossOrigin = "localhost:8000";
function onload_test()
{
var context = new PerformanceContext(performance);
var entry = context.getEntriesByName(document.getElementById("frameContext").src, "resource")[0];
test_equals(entry.redirectStart, 0, "redirectStart should be 0 in cross-origin request!");
test_equals(entry.redirectEnd, 0, "redirectEnd should be 0 in cross-origin request!");
test_equals(entry.domainLookupStart, 0, "domainLookupStart should be 0 in cross-origin request!");
test_equals(entry.domainLookupEnd, 0, "domainLookupEnd should be 0 in cross-origin request!");
test_equals(entry.connectStart, 0, "connectStart should be 0 in cross-origin request!");
test_equals(entry.connectEnd, 0, "connectEnd should be 0 in cross-origin request!");
test_equals(entry.requestStart, 0, "requestStart should be 0 in cross-origin request!");
test_equals(entry.responseStart, 0, "responseStart should be 0 in cross-origin request!");
test_equals(entry.secureConnectionStart, 0, "secureConnectionStart should be 0 in cross-origin request!");
test_greater_than(entry.fetchStart, 0, "fetchStart should be greater than 0 in cross-origin request!");
test_greater_than(entry.responseEnd, 0, "responseEnd should be greater than 0 in cross-origin request!");
done();
}
</script>
</head>
<body>
<h1>Description</h1>
<p>This test validates the values in resource timing for a cross-origin resource request.</p>
<br />
<iframe id="frameContext" src="" style="width: 250px; height: 250px;"></iframe>
<script>
test_equals(document.location.host, pageOrigin, 'Starting document.location.hostname is correct (' + pageOrigin + ')');
var destUrl = 'http://' + crossOrigin + '/w3c/webperf/resources/blank_page_green.htm';
var frameContext = document.getElementById("frameContext");
frameContext.onload = onload_test;
frameContext.src = destUrl;
</script>
</body>
</html>
Description
This test validates the values in resource timing for a timing-allow-origin cross-origin resource request.
PASS Starting document.location.hostname is correct (127.0.0.1:8000)
PASS redirectStart should be 0 in cross-origin request since no redirect!
PASS redirectEnd should be 0 in cross-origin request since no redirect!
PASS domainLookupStart should not be 0 in timing-allow cross-origin request!
PASS domainLookupEnd should not be 0 in timing-allow cross-origin request!
PASS connectStart should not be 0 in timing-allow cross-origin request!
PASS connectEnd should not be 0 in timing-allow cross-origin request!
PASS requestStart should not be 0 in timing-allow cross-origin request!
PASS responseStart should not be 0 in timing-allow cross-origin request!
PASS secureConnectionStart should be 0 in cross-origin request since no ssl!
PASS fetchStart should not be 0 in timing-allow cross-origin request!
PASS responseEnd should not be 0 in timing-allow cross-origin request!
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8" />
<title>resource timing information for cross-origin resource request with timing-allow-origin</title>
<link rel="author" title="Intel" href="http://www.intel.com/" />
<link rel="help" href="http://www.w3.org/TR/resource-timing/#performanceresourcetiming"/>
<script src="/w3c/resources/testharness.js"></script>
<script src="/w3c/resources/testharnessreport.js"></script>
<script src="/w3c/webperf/resources/webperftestharness.js"></script>
<script src="/w3c/webperf/resources/webperftestharnessextension.js"></script>
<script>
setup({explicit_done: true});
var pageOrigin = "127.0.0.1:8000";
var crossOrigin = "localhost:8000";
function onload_test()
{
var context = new PerformanceContext(performance);
var entry = context.getEntriesByName(document.getElementById("frameContext").src, "resource")[0];
test_equals(entry.redirectStart, 0, "redirectStart should be 0 in cross-origin request since no redirect!");
test_equals(entry.redirectEnd, 0, "redirectEnd should be 0 in cross-origin request since no redirect!");
test_greater_than(entry.domainLookupStart, 0, "domainLookupStart should not be 0 in timing-allow cross-origin request!");
test_greater_than(entry.domainLookupEnd, 0, "domainLookupEnd should not be 0 in timing-allow cross-origin request!");
test_greater_than(entry.connectStart, 0, "connectStart should not be 0 in timing-allow cross-origin request!");
test_greater_than(entry.connectEnd, 0, "connectEnd should not be 0 in timing-allow cross-origin request!");
test_greater_than(entry.requestStart, 0, "requestStart should not be 0 in timing-allow cross-origin request!");
test_greater_than(entry.responseStart, 0, "responseStart should not be 0 in timing-allow cross-origin request!");
test_equals(entry.secureConnectionStart, 0, "secureConnectionStart should be 0 in cross-origin request since no ssl!");
test_greater_than(entry.fetchStart, 0, "fetchStart should not be 0 in timing-allow cross-origin request!");
test_greater_than(entry.responseEnd, 0, "responseEnd should not be 0 in timing-allow cross-origin request!");
done();
}
</script>
</head>
<body>
<h1>Description</h1>
<p>This test validates the values in resource timing for a timing-allow-origin cross-origin resource request.</p>
<br />
<iframe id="frameContext" src="" style="width: 250px; height: 250px;"></iframe>
<script>
test_equals(document.location.host, pageOrigin, 'Starting document.location.hostname is correct (' + pageOrigin + ')');
var requestUrl = 'http://' + crossOrigin + '/w3c/webperf/resources/blank_page_green_with_allow_timing.php';
requestUrl += '?origin=http://' + pageOrigin;
var frameContext = document.getElementById("frameContext");
frameContext.onload = onload_test;
frameContext.src = requestUrl;
</script>
</body>
</html>
2012-12-02 Pan Deng <pan.deng@intel.com>
[Resource Timing] implementation of cross origin resouce timing restrictions.
https://bugs.webkit.org/show_bug.cgi?id=84886.
Reviewed by Tony Gentilcore.
This patch implemented resource timing behaviors of cross origin. By default, detailed timing info is hided in cross origin resource timing, only startTime, duration, fetchStart and responseEnd can be observed. Exceptions are, server side allow its origin can be timing by another through a header with "timing-allow-origin" field.
Tests: http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_cross_origin_resource_request.html
http/tests/w3c/webperf/submission/Intel/resource-timing/test_resource_timing_timing_allow_cross_origin_resource_request.html
* page/Performance.cpp:
(WebCore::passesTimingAllowCheck):
(WebCore):
(WebCore::Performance::addResourceTiming):
* page/Performance.h:
(WebCore):
(Performance):
* page/PerformanceResourceTiming.cpp:
(WebCore):
* page/PerformanceResourceTiming.h:
(WebCore::PerformanceResourceTiming::create):
(PerformanceResourceTiming):
2012-12-02 Elliott Sprehn <esprehn@gmail.com>
Simplify treeScope and setTreeScope
/*
* Copyright (C) 2012 Google Inc. All rights reserved.
* Copyright (C) 2012 Intel Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
......@@ -44,17 +45,39 @@
namespace WebCore {
double monotonicTimeToDocumentMilliseconds(Document* document, double seconds)
static double monotonicTimeToDocumentMilliseconds(Document* document, double seconds)
{
ASSERT(seconds >= 0.0);
return document->loader()->timing()->monotonicTimeToZeroBasedDocumentTime(seconds) * 1000.0;
}
static bool passesTimingAllowCheck(const ResourceResponse& response, Document* requestingDocument)
{
AtomicallyInitializedStatic(AtomicString&, timingAllowOrigin = *new AtomicString("timing-allow-origin"));
const String& timingAllowOriginString = response.httpHeaderField(timingAllowOrigin);
if (timingAllowOriginString.isEmpty() || equalIgnoringCase(timingAllowOriginString, "null"))
return false;
if (timingAllowOriginString == "*")
return true;
const String& securityOrigin = requestingDocument->securityOrigin()->toString();
Vector<String> timingAllowOrigins;
timingAllowOriginString.split(" ", timingAllowOrigins);
for (size_t i = 0; i < timingAllowOrigins.size(); ++i)
if (timingAllowOrigins[i] == securityOrigin)
return true;
return false;
}
PerformanceResourceTiming::PerformanceResourceTiming(const AtomicString& initiatorType, const ResourceRequest& request, const ResourceResponse& response, double initiationTime, double finishTime, Document* requestingDocument)
: PerformanceEntry(request.url().string(), "resource", monotonicTimeToDocumentMilliseconds(requestingDocument, initiationTime), monotonicTimeToDocumentMilliseconds(requestingDocument, finishTime))
, m_initiatorType(initiatorType)
, m_timing(response.resourceLoadTiming())
, m_finishTime(finishTime)
, m_shouldReportDetails(passesTimingAllowCheck(response, requestingDocument))
, m_requestingDocument(requestingDocument)
{
}
......@@ -73,11 +96,15 @@ AtomicString PerformanceResourceTiming::initiatorType() const
double PerformanceResourceTiming::redirectStart() const
{
// FIXME: Need to track and report redirects for resources.
if (!m_shouldReportDetails)
return 0.0;
return 0;
}
double PerformanceResourceTiming::redirectEnd() const
{
if (!m_shouldReportDetails)
return 0.0;
return 0;
}
......@@ -89,6 +116,9 @@ double PerformanceResourceTiming::fetchStart() const
double PerformanceResourceTiming::domainLookupStart() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing || m_timing->dnsStart < 0)
return fetchStart();
......@@ -97,6 +127,9 @@ double PerformanceResourceTiming::domainLookupStart() const
double PerformanceResourceTiming::domainLookupEnd() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing || m_timing->dnsEnd < 0)
return domainLookupStart();
......@@ -105,6 +138,9 @@ double PerformanceResourceTiming::domainLookupEnd() const
double PerformanceResourceTiming::connectStart() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing || m_timing->connectStart < 0) // Connection was reused.
return domainLookupEnd();
......@@ -118,6 +154,9 @@ double PerformanceResourceTiming::connectStart() const
double PerformanceResourceTiming::connectEnd() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing || m_timing->connectEnd < 0) // Connection was reused.
return connectStart();
......@@ -126,6 +165,9 @@ double PerformanceResourceTiming::connectEnd() const
double PerformanceResourceTiming::secureConnectionStart() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing || m_timing->sslStart < 0) // Secure connection not negotiated.
return 0.0;
......@@ -134,13 +176,20 @@ double PerformanceResourceTiming::secureConnectionStart() const
double PerformanceResourceTiming::requestStart() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing)
return connectEnd();
return resourceTimeToDocumentMilliseconds(m_timing->sendStart);
}
double PerformanceResourceTiming::responseStart() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing)
return requestStart();
// FIXME: This number isn't exactly correct. See the notes in PerformanceTiming::responseStart().
......@@ -149,8 +198,12 @@ double PerformanceResourceTiming::responseStart() const
double PerformanceResourceTiming::responseEnd() const
{
if (!m_shouldReportDetails)
return 0.0;
if (!m_timing)
return responseStart();
return monotonicTimeToDocumentMilliseconds(m_requestingDocument.get(), m_finishTime);
}
......
/*
* Copyright (C) 2012 Google Inc. All rights reserved.
* Copyright (C) 2012 Intel Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
......@@ -78,6 +79,7 @@ private:
AtomicString m_initiatorType;
RefPtr<ResourceLoadTiming> m_timing;
double m_finishTime;
bool m_shouldReportDetails;
RefPtr<Document> m_requestingDocument;
};
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment