[webkit-changes] [133325] trunk/Source/WebCore

Fri, 02 Nov 2012 11:53:20 -0700

Title: [133325] trunk/Source/WebCore
Revision
133325
Author
mk...@chromium.org
Date
2012-11-02 11:54:46 -0700 (Fri, 02 Nov 2012)

Log Message

Measure the usage of the various CSP headers.
https://bugs.webkit.org/show_bug.cgi?id=100974

Reviewed by Adam Barth.

Currently, we're collecting metrics regarding usage of the
'X-WebKit-CSP' and 'X-WebKit-CSP-Report-Only' HTTP headers. We've
recently added support for the canonical 'Content-Security-Policy'
and 'Content-Security-Policy-Report-Only' headers. This patch adds
those headers explicitly into the metrics, giving insight into uptake
of the unprefixed header, and into usage of pure reporting vs.
enforcement.

No visible functionality should change; all Content Security Policy
tests should continue to pass.

* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::didReceiveHeader):
    Convert the CSP header type into a FeatureObserver::Feature, and
    observe it.
* page/FeatureObserver.h:
    Add three new values to the enum to cover the new header types.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (133324 => 133325)


--- trunk/Source/WebCore/ChangeLog	2012-11-02 18:53:00 UTC (rev 133324)
+++ trunk/Source/WebCore/ChangeLog	2012-11-02 18:54:46 UTC (rev 133325)
@@ -1,3 +1,28 @@
+2012-11-02  Mike West  <mk...@chromium.org>
+
+        Measure the usage of the various CSP headers.
+        https://bugs.webkit.org/show_bug.cgi?id=100974
+
+        Reviewed by Adam Barth.
+
+        Currently, we're collecting metrics regarding usage of the
+        'X-WebKit-CSP' and 'X-WebKit-CSP-Report-Only' HTTP headers. We've
+        recently added support for the canonical 'Content-Security-Policy'
+        and 'Content-Security-Policy-Report-Only' headers. This patch adds
+        those headers explicitly into the metrics, giving insight into uptake
+        of the unprefixed header, and into usage of pure reporting vs.
+        enforcement.
+
+        No visible functionality should change; all Content Security Policy
+        tests should continue to pass.
+
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+            Convert the CSP header type into a FeatureObserver::Feature, and
+            observe it.
+        * page/FeatureObserver.h:
+            Add three new values to the enum to cover the new header types.
+
 2012-11-02  Ojan Vafai  <o...@chromium.org>
 
         Fix silly mistake from http://trac.webkit.org/changeset/133315.

Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (133324 => 133325)


--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp	2012-11-02 18:53:00 UTC (rev 133324)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp	2012-11-02 18:54:46 UTC (rev 133325)
@@ -142,6 +142,22 @@
     );
 }
 
+FeatureObserver::Feature getFeatureObserverType(ContentSecurityPolicy::HeaderType type)
+{
+    switch (type) {
+    case ContentSecurityPolicy::EnforceAllDirectives:
+        return FeatureObserver::PrefixedContentSecurityPolicy;
+    case ContentSecurityPolicy::EnforceStableDirectives:
+        return FeatureObserver::ContentSecurityPolicy;
+    case ContentSecurityPolicy::ReportAllDirectives:
+        return FeatureObserver::PrefixedContentSecurityPolicyReportOnly;
+    case ContentSecurityPolicy::ReportStableDirectives:
+        return FeatureObserver::ContentSecurityPolicyReportOnly;
+    }
+    ASSERT_NOT_REACHED();
+    return FeatureObserver::NumberOfFeatures;
+}
+
 } // namespace
 
 static bool skipExactly(const UChar*& position, const UChar* end, UChar delimiter)
@@ -1329,7 +1345,7 @@
     if (m_scriptExecutionContext->isDocument()) {
         Document* document = static_cast<Document*>(m_scriptExecutionContext);
         if (document->domWindow())
-            FeatureObserver::observe(document->domWindow(), FeatureObserver::PrefixedContentSecurityPolicy);
+            FeatureObserver::observe(document->domWindow(), getFeatureObserverType(type));
     }
 
     // RFC2616, section 4.2 specifies that headers appearing multiple times can

Modified: trunk/Source/WebCore/page/FeatureObserver.h (133324 => 133325)


--- trunk/Source/WebCore/page/FeatureObserver.h	2012-11-02 18:53:00 UTC (rev 133324)
+++ trunk/Source/WebCore/page/FeatureObserver.h	2012-11-02 18:54:46 UTC (rev 133325)
@@ -54,6 +54,9 @@
         LegacyTextNotifications,
         UnprefixedRequestAnimationFrame,
         PrefixedRequestAnimationFrame,
+        ContentSecurityPolicy,
+        ContentSecurityPolicyReportOnly,
+        PrefixedContentSecurityPolicyReportOnly,
         // Add new features above this line.
         NumberOfFeatures, // This enum value must be last.
     };

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to