Changeset 133325 in webkit

Timestamp:

Nov 2, 2012, 11:54:46 AM (12 years ago)

Author:

mkwst@chromium.org

Message:

Measure the usage of the various CSP headers.
​https://bugs.webkit.org/show_bug.cgi?id=100974

Reviewed by Adam Barth.

Currently, we're collecting metrics regarding usage of the
'X-WebKit-CSP' and 'X-WebKit-CSP-Report-Only' HTTP headers. We've
recently added support for the canonical 'Content-Security-Policy'
and 'Content-Security-Policy-Report-Only' headers. This patch adds
those headers explicitly into the metrics, giving insight into uptake
of the unprefixed header, and into usage of pure reporting vs.
enforcement.

No visible functionality should change; all Content Security Policy
tests should continue to pass.

• page/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::didReceiveHeader):

Convert the CSP header type into a FeatureObserver::Feature, and
observe it.

• page/FeatureObserver.h:

Add three new values to the enum to cover the new header types.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• page/ContentSecurityPolicy.cpp (modified) (2 diffs)
• page/FeatureObserver.h (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-11-02  Mike West  <mkwst@chromium.org>
+
+        Measure the usage of the various CSP headers.
+        https://bugs.webkit.org/show_bug.cgi?id=100974
+
+        Reviewed by Adam Barth.
+
+        Currently, we're collecting metrics regarding usage of the
+        'X-WebKit-CSP' and 'X-WebKit-CSP-Report-Only' HTTP headers. We've
+        recently added support for the canonical 'Content-Security-Policy'
+        and 'Content-Security-Policy-Report-Only' headers. This patch adds
+        those headers explicitly into the metrics, giving insight into uptake
+        of the unprefixed header, and into usage of pure reporting vs.
+        enforcement.
+
+        No visible functionality should change; all Content Security Policy
+        tests should continue to pass.
+
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+            Convert the CSP header type into a FeatureObserver::Feature, and
+            observe it.
+        * page/FeatureObserver.h:
+            Add three new values to the enum to cover the new header types.
+
 2012-11-02  Ojan Vafai  <ojan@chromium.org>
 

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

@@ -141 +141 @@
 #endif
     );
+}
+
+FeatureObserver::Feature getFeatureObserverType(ContentSecurityPolicy::HeaderType type)
+{
+    switch (type) {
+    case ContentSecurityPolicy::EnforceAllDirectives:
+        return FeatureObserver::PrefixedContentSecurityPolicy;
+    case ContentSecurityPolicy::EnforceStableDirectives:
+        return FeatureObserver::ContentSecurityPolicy;
+    case ContentSecurityPolicy::ReportAllDirectives:
+        return FeatureObserver::PrefixedContentSecurityPolicyReportOnly;
+    case ContentSecurityPolicy::ReportStableDirectives:
+        return FeatureObserver::ContentSecurityPolicyReportOnly;
+    }
+    ASSERT_NOT_REACHED();
+    return FeatureObserver::NumberOfFeatures;
 }
 
@@ -1330 +1346 @@
         Document* document = static_cast<Document*>(m_scriptExecutionContext);
         if (document->domWindow())
-            FeatureObserver::observe(document->domWindow(), FeatureObserver::PrefixedContentSecurityPolicy);
+            FeatureObserver::observe(document->domWindow(), getFeatureObserverType(type));
     }
 

trunk/Source/WebCore/page/FeatureObserver.h

@@ -55 +55 @@
         UnprefixedRequestAnimationFrame,
         PrefixedRequestAnimationFrame,
+        ContentSecurityPolicy,
+        ContentSecurityPolicyReportOnly,
+        PrefixedContentSecurityPolicyReportOnly,
         // Add new features above this line.
         NumberOfFeatures, // This enum value must be last.