Issue 22254005: UMA data collector for cross-site documents(XSD)

Issue 22254005: UMA data collector for cross-site documents(XSD) (Closed)

Created:
7 years, 4 months ago by dsjang

Modified:
7 years, 3 months ago

Reviewers:
Charlie Reis, darin (slow to review), nasko, awong

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam

Base URL:
https://chromium.googlesource.com/chromium/src.git@lkgr

Visibility:
Public.

More Reviews

Description

UMA data collector for cross-site documents(XSD) Intercept cross-site documents and apply a couple of blocking filters to measure how our cross-site document blocking policy affects the renderer behavior. This doesn't actually block anything, but just records UMA data about how these filters work. It does three things: 1) whitelists legitimate XSDs (responses with whitelisted mime types or with valid CORS headers) 2) applies an appropriate content sniffing algorithm depending on the mime type of the response, 3) if it is sniffed as a blocked document, reports its status code and the context (img, script, etc) where the request is originally issued to measure the compatibility impact of the blocking. BUG=268640 Related Doc: https://docs.google.com/a/google.com/document/d/1nB3GruRqQmtA7OPZZAhWOsZDvfWpYpKQXE3cxGxTVfs/edit Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=219383

Patch Set 1 #

Total comments: 41

Patch Set 2 : The formatting of weburlloader_impl.cc is reverted #

Patch Set 3 : feedback applied, scheme whitelisting is switched to blacklisting # #

Patch Set 4 : switched to using UMA_HISTOGRAM_ENUMERATION from COUNTS #

Total comments: 19

Patch Set 5 : UMA Bucket names are reorganized. #

Total comments: 56

Patch Set 6 : Comments & style have been updated. #

Total comments: 133

Patch Set 7 : Change the way that static globals are handled #

Patch Set 8 : Merge lkgr into local branch #

Total comments: 63

Patch Set 9 : "X-Content-Type-Options: nosniff" rule is added. #

Total comments: 8

Patch Set 10 : Revise comments and use lowercaseequls for "nosniff" value #

Total comments: 14

Patch Set 11 : Move from /webkit to /content and include <!-- for HTML sniffing #

Patch Set 12 : Converted into Peer wrapping real Peer in IPCResourceLoaderBridge #

Patch Set 13 : nitpick change #

Patch Set 14 : a problem with refcounted is fixed #

Total comments: 14

Patch Set 15 : ResourceDispatcher uses SiteIsolationPolicy as the outermost Peer #

Total comments: 8

Patch Set 16 : SiteIsolationPolicy turns static again #

Patch Set 17 : blocking code gets simpler and testcase is moved to /content #

Total comments: 60

Patch Set 18 : Comments and naming are improved #

Patch Set 19 : Names are corrected #

Total comments: 2

Patch Set 20 : Blocking code is moved to SiteIsolationPolicy from ResourceDispatcher. #

Total comments: 4

Patch Set 21 : Comments are updated to be better #

Patch Set 22 : Fix copyright notice. #

Patch Set 23 : Disable tests on Android #

Patch Set 24 : fix compile error #

Total comments: 13

Created: 7 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1180 lines, -9 lines)			Patch
M	content/browser/renderer_host/render_process_host_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/child/request_extra_data.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15	3 chunks	+3 lines, -0 lines	0 comments	Download
M	content/child/request_extra_data.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15	2 chunks	+2 lines, -0 lines	0 comments	Download
M	content/child/resource_dispatcher.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	3 chunks	+7 lines, -0 lines	0 comments	Download
M	content/child/resource_dispatcher.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	12 chunks	+41 lines, -6 lines	0 comments	Download
M	content/child/resource_dispatcher_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+2 lines, -1 line	0 comments	Download
A	content/child/site_isolation_policy.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21	1 chunk	+179 lines, -0 lines	1 comment	Download
A	content/child/site_isolation_policy.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	1 chunk	+561 lines, -0 lines	12 comments	Download
A	content/child/site_isolation_policy_browsertest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23	1 chunk	+106 lines, -0 lines	0 comments	Download
A	content/child/site_isolation_policy_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	1 chunk	+125 lines, -0 lines	0 comments	Download
M	content/content_child.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/content_tests.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23	2 chunks	+2 lines, -0 lines	0 comments	Download
M	content/public/common/content_switches.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22	2 chunks	+2 lines, -1 line	0 comments	Download
M	content/public/common/content_switches.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22	1 chunk	+6 lines, -0 lines	0 comments	Download
M	content/renderer/render_frame_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/cross_site_document_request.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+81 lines, -0 lines	0 comments	Download
A	content/test/data/cross_site_document_request_target.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+39 lines, -0 lines	0 comments	Download
A	content/test/data/site_isolation/comment_js.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+2 lines, -0 lines	0 comments	Download
A	content/test/data/site_isolation/comment_valid.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+2 lines, -0 lines	0 comments	Download
A	content/test/data/site_isolation/html.txt	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/img.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/img.json	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/img.txt	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/img.xml	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/js.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/js.json	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/js.txt	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/js.xml	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/json.txt	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/valid.html	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/valid.json	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/valid.xml	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/test/data/site_isolation/xml.txt	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/tools/testserver/testserver.py	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22	1 chunk	+1 line, -0 lines	0 comments	Download
M	webkit/child/resource_loader_bridge.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 38 (0 generated)

Expand Messages | Collapse Messages

dsjang

Disruptive formatting in weburlloader_impl.cc has been reverted.

7 years, 4 months ago (2013-08-06 16:48:59 UTC) #2

nasko

A bunch of comments. I will review the weburlloader_impl.cc in the properly formatted way later. ...

7 years, 4 months ago (2013-08-06 17:29:27 UTC) #3

dsjang

Nasko's feedback has been applied. Scheme whitelisting is switched to blacklisting(http,https). https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_policy.cc File webkit/child/site_isolation_policy.cc (right): ...

7 years, 4 months ago (2013-08-07 00:19:06 UTC) #4

Nasko's	feedback has been applied. Scheme whitelisting is switched to
blacklisting(http,https).

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
File webkit/child/site_isolation_policy.cc (right):

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:30: std::map<unsigned,
WebURLRequest::TargetType>
On 2013/08/06 17:29:27, nasko wrote:
> Why are these needed in this file? They are already in the header as private
> variables.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:56: 
On 2013/08/06 17:29:27, nasko wrote:
> nit: no need for empty line here.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:100: LOG(INFO) <<
"SiteIsolationPolicy.CorsisSafe:";
On 2013/08/06 17:29:27, nasko wrote:
> nit: CorsIsSafe

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:107: //
XSDP.All.NNav.NSafeScheme.NSMIMEType.NSCORS.%MIMECODE from now
On 2013/08/06 17:29:27, nasko wrote:
> What is the meaning of this string? Putting a comment that outlines how the
UMA
> stats are organized and their meaning will be very very useful. Without that,
> I'm somewhat lost in subsequent code.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:132: if
(url_responsedata_map_.count(response_url_str) == 0)
url_responsedata_map_ only maintains url for cross-site responses detected by
DidReceiveResponse(). Therefore, if the url for received data does not exist in
url_responsedata_map_, it means that this data is not for a cross-site response.
So we skip the check.

On 2013/08/06 17:29:27, nasko wrote:
> Is this a valid case? When will we have seen a request, but receive no
response?

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:264: StringToLowerASCII(&mime_type);
I found that all the crawled mime types are originally lowercase on the top 50k
sites. And existing mime type handling code doesn't do lowercasing. I'll remove
the StringToLowerASCII call entirely here.

On 2013/08/06 17:29:27, nasko wrote:
> The mime_type string is UTF8, yet you are using ASCII function. This doesn't
> seem right.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:271: if (!strcmp(document_mime_types[i],
mime_type.data())) {
Switched to std::string::operator==().

On 2013/08/06 17:29:27, nasko wrote:
> This is unsafe comparison, you should be bounding memory access by the size of
> the inputs.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:276: if (i == 0) {
On 2013/08/06 17:29:27, nasko wrote:
> Using constants like these seems unclean to me. Is there a better way to
> structure this?

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:289: bool
SiteIsolationPolicy::IsSafeScheme(GURL& url) {
Switched to blacklisting from whitelisting.

On 2013/08/06 17:29:27, nasko wrote:
> What about blob URLs? Are those safe too?

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:302:
net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
I thought allowing private registries here enables sites to use a finer
definition of sites. Knowing SiteIsolation is using only the public registry,
I'll switch to the public one.

On 2013/08/06 17:29:27, nasko wrote:
> Is there a reason we are deviating from how SiteInstance does same site
checks?
> The code there does exclude private registries.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:311: bool
SiteIsolationPolicy::IsFrameNotCommitted(WebKit::WebFrame* frame) {
On 2013/08/06 17:29:27, nasko wrote:
> This name is a bit confusing, can you put a description for it?

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:327: // Strip quotes off from it. This is
non-standard practice, but many
On 2013/08/06 17:29:27, nasko wrote:
> Don't we have code that parses the header that we can reuse? I'm always
worried
> about duplicating parsing logic.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:344: if (access_control_origin == "*")
Yes, it has to be incorporated here in the future, but we allow for them to pass
here even thought they can be blocked by the actual CORS policy.

On 2013/08/06 17:29:27, nasko wrote:
> You talk about cookie-tagged requests, but there is no such check. Am I
missing
> something?

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:349: // correct. If this doesn't start
with a scheme(http://, https://),
This was actually scarily wrong :-). I found out the Blink's CORS implemtation
doesn't allow it. This code will be gone too.

On 2013/08/06 17:29:27, nasko wrote:
> This sounds scary. Is this correct?

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.cc:426: state = 1;
On 2013/08/06 17:29:27, nasko wrote:
> Please use symbolic names or describe what those numbers mean.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
File webkit/child/site_isolation_policy.h (right):

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.h:73: static void DidReceiveData(const char*
payload,
On 2013/08/06 17:29:27, nasko wrote:
> Why is this method without a comment? It seems out of place when the rest have
> very detailed comments.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.h:90: // Returns if this response's scheme is
not security relevant. For
On 2013/08/06 17:29:27, nasko wrote:
> nit: s/if/whether/ here and all the following comments of the same form.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.h:91: // example, this returns true for data:
On 2013/08/06 17:29:27, nasko wrote:
> Really? It returns a type according to the declaration, not a boolean.

Done.

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.h:127: static std::map<unsigned,
WebURLRequest::TargetType> id_target_map_;
Decided to leave "unsigned" unchanged to be consistent with existing code.

On 2013/08/06 17:29:27, nasko wrote:
> Be explicit in type declaration. unsigned what?

https://codereview.chromium.org/22254005/diff/1/webkit/child/site_isolation_p...
webkit/child/site_isolation_policy.h:135: static std::map<unsigned, std::string>
id_url_map_;
Decided to leave "unsigned" unchanged to be consistent with existing code.

On 2013/08/06 17:29:27, nasko wrote:
> Same here, be explicit.

Charlie Reis

Just from an initial glance, I think we need to step back and talk about ...

7 years, 4 months ago (2013-08-07 21:02:02 UTC) #5

dsjang

Bucket names are reorganized. https://codereview.chromium.org/22254005/diff/20001/content/renderer/render_frame_impl.cc File content/renderer/render_frame_impl.cc (right): https://codereview.chromium.org/22254005/diff/20001/content/renderer/render_frame_impl.cc#newcode76 content/renderer/render_frame_impl.cc:76: using webkit_glue::SiteIsolationPolicy; On 2013/08/07 21:02:02, ...

7 years, 4 months ago (2013-08-08 21:21:00 UTC) #6

Charlie Reis

I'm only up to the macros, but here's my review comments so far. I can ...

7 years, 4 months ago (2013-08-09 00:39:02 UTC) #7

dsjang

https://codereview.chromium.org/22254005/diff/26001/content/renderer/render_frame_impl.cc File content/renderer/render_frame_impl.cc (right): https://codereview.chromium.org/22254005/diff/26001/content/renderer/render_frame_impl.cc#newcode621 content/renderer/render_frame_impl.cc:621: // Calling this will do bookkeeping of an object ...

7 years, 4 months ago (2013-08-09 01:31:23 UTC) #8

Charlie Reis

Thanks! More comments on the rest below. I agree with Nasko that it would help ...

7 years, 4 months ago (2013-08-09 18:48:38 UTC) #9

nasko

Looks much better! The one thing I haven't done is verify your state machine for ...

7 years, 4 months ago (2013-08-09 19:07:28 UTC) #10

dsjang

Change the way that static globals are handled to be compatible with Clang++ rules & ...

7 years, 4 months ago (2013-08-12 22:56:17 UTC) #11

Charlie Reis

Thanks for all the changes. Looks like there were some missed comments from last time, ...

7 years, 4 months ago (2013-08-13 00:53:19 UTC) #12

dsjang

More test cases are added and code formatting & comments are improved. https://codereview.chromium.org/22254005/diff/32001/webkit/child/site_isolation_policy_unittest.cc File webkit/child/site_isolation_policy_unittest.cc ...

7 years, 4 months ago (2013-08-13 20:54:48 UTC) #13

Charlie Reis

LGTM with nits. I think you can send it to Darin once these are fixed. ...

7 years, 4 months ago (2013-08-13 21:09:03 UTC) #14

dsjang

darin: the goal of this CL is described in detail at the end of this ...

7 years, 4 months ago (2013-08-13 21:49:52 UTC) #15

darin (slow to review)

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolation_policy.cc File webkit/child/site_isolation_policy.cc (right): https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolation_policy.cc#newcode122 webkit/child/site_isolation_policy.cc:122: #define SITE_ISOLATION_POLICY_COUNT_BLOCK(BUCKET_PREFIX) \ nit: Can you do all of ...

7 years, 4 months ago (2013-08-14 05:23:26 UTC) #16

dsjang

As darin suggested, site_isolation_policy.cc is moved to /content/child. I'd like to get reviews about the ...

7 years, 4 months ago (2013-08-14 20:47:03 UTC) #17

As darin suggested, site_isolation_policy.cc is moved to /content/child. I'd
like to get reviews about the hooking code in resource_dispatcher.* and the code
dealing with "<!--" for HTML sniffing in SiteIsolationPolicy::SniffForHTML().

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
File webkit/child/site_isolation_policy.cc (right):

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
webkit/child/site_isolation_policy.cc:122: #define
SITE_ISOLATION_POLICY_COUNT_BLOCK(BUCKET_PREFIX) \
We're forced to use a constant string bucket name for UMA_HISTOGRAM_COUNTS in my
experience. I looked at the code of histogram, and I couldn't find any way to
use a variable string for a bucket name. Please let me know if there's a way.

On 2013/08/14 05:23:27, darin wrote:
> nit: Can you do all of this without macros?  Even if it means doing some
string
> concatenation at runtime, I suspect it'll be worth making the code more
> readable.

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
webkit/child/site_isolation_policy.cc:283: static const char kTextHtml[] =
"text/html";
On 2013/08/14 05:23:27, darin wrote:
> nit: for constants like these, it is more canonical to put them at file scope
in
> an anonymous namespace sans static keyword.

Done.

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
webkit/child/site_isolation_policy.cc:296: } else if
(LowerCaseEqualsASCII(mime_type, kTextPlain)) {
On 2013/08/14 05:23:27, darin wrote:
> nit: no need for "else" after "return"

Done.

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
File webkit/child/site_isolation_policy.h (right):

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
webkit/child/site_isolation_policy.h:17: using WebKit::WebFrame;
On 2013/08/14 05:23:27, darin wrote:
> nit: using declarations are not allowed in header files as they pollute other
> .cc files.

Done.

https://codereview.chromium.org/22254005/diff/77001/webkit/child/site_isolati...
webkit/child/site_isolation_policy.h:57: struct ResponseMetaData {
On 2013/08/14 05:23:27, darin wrote:
> nit: Perhaps this should be inside an internal namespace or made an inner
class
> of SiteIsolationPolicy since it is not intended as public API?

Done.

https://codereview.chromium.org/22254005/diff/77001/webkit/child/weburlloader...
File webkit/child/weburlloader_impl.cc (right):

https://codereview.chromium.org/22254005/diff/77001/webkit/child/weburlloader...
webkit/child/weburlloader_impl.cc:34: #include
"webkit/child/site_isolation_policy.h"
On 2013/08/14 05:23:27, darin wrote:
> We are trying not to add more code to src/webkit/ as it is all intended to be
> moved to src/content/, so this change is creating more work for someone.
> 
> Of course it would be a layering violation to call code from src/content/ in
> src/webkit/.
> 
> One idea would be to move your metrics gathering to src/content/ entirely.  I
> think you could easily move this code to
> src/content/child/resource_dispatcher.cc, and then the site_isolation_policy
> would be able to be src/content/ as well.

Done.

https://codereview.chromium.org/22254005/diff/77001/webkit/child/weburlloader...
webkit/child/weburlloader_impl.cc:378: // TODO(dsjang): A temporary hack to
connect the lastest response observed by
On 2013/08/14 05:23:27, darin wrote:
> nit: lastest -> latest

Done.

dsjang

SiteIsolationPolicy is converted to a ResourceLoaderBridge::Peer which wraps the original Peer used by IPCResourceLoaderBridge. The ...

7 years, 4 months ago (2013-08-16 17:52:40 UTC) #18

Charlie Reis

Just a few minor comments while we wait for Darin's thoughts on the approach. https://codereview.chromium.org/22254005/diff/159001/content/child/request_extra_data.h ...

7 years, 4 months ago (2013-08-19 16:20:05 UTC) #19

dsjang

https://codereview.chromium.org/22254005/diff/159001/content/child/request_extra_data.h File content/child/request_extra_data.h (right): https://codereview.chromium.org/22254005/diff/159001/content/child/request_extra_data.h#newcode51 content/child/request_extra_data.h:51: WebKit::WebString frame_origin_; The first object we get from WebKit ...

7 years, 4 months ago (2013-08-19 21:37:17 UTC) #20

darin (slow to review)

If I were writing this patch, I probably wouldn't attempt chaining ResourceLoaderBridge::Peer objects because of ...

7 years, 4 months ago (2013-08-20 23:47:05 UTC) #21

dsjang

SiteIsolationPolicy is converted into a purely static class, a command-line argument --cross-site-document-blocking is added to ...

7 years, 4 months ago (2013-08-21 18:49:56 UTC) #22

dsjang

Blocking logic gets simpler, and test cases for SiteIsolationPolicy are moved to /content from /chrome.

7 years, 4 months ago (2013-08-22 00:15:11 UTC) #23

Charlie Reis

On one hand, this CL is a bit larger due to including the blocking logic ...

7 years, 4 months ago (2013-08-22 18:23:29 UTC) #24

dsjang

Comments and naming are improved https://codereview.chromium.org/22254005/diff/208001/content/child/resource_dispatcher.cc File content/child/resource_dispatcher.cc (right): https://codereview.chromium.org/22254005/diff/208001/content/child/resource_dispatcher.cc#newcode102 content/child/resource_dispatcher.cc:102: // The security origin ...

7 years, 4 months ago (2013-08-22 19:05:54 UTC) #25

darin (slow to review)

https://codereview.chromium.org/22254005/diff/161002/content/child/resource_dispatcher.cc File content/child/resource_dispatcher.cc (right): https://codereview.chromium.org/22254005/diff/161002/content/child/resource_dispatcher.cc#newcode425 content/child/resource_dispatcher.cc:425: perhaps another option here is to call a method ...

7 years, 4 months ago (2013-08-22 21:50:42 UTC) #26

dsjang

Blocking code is moved to SiteIsolationPolicy from ResourceDispatcher https://codereview.chromium.org/22254005/diff/161002/content/child/resource_dispatcher.cc File content/child/resource_dispatcher.cc (right): https://codereview.chromium.org/22254005/diff/161002/content/child/resource_dispatcher.cc#newcode425 content/child/resource_dispatcher.cc:425: On ...

7 years, 4 months ago (2013-08-22 22:30:19 UTC) #27

darin (slow to review)

OK, looks better. Thanks! Deferring to Charlie on most of this review. Integration code LGTM. ...

7 years, 4 months ago (2013-08-22 22:45:34 UTC) #28

Charlie Reis

LGTM with the changes below. https://codereview.chromium.org/22254005/diff/123003/content/child/site_isolation_policy.cc File content/child/site_isolation_policy.cc (right): https://codereview.chromium.org/22254005/diff/123003/content/child/site_isolation_policy.cc#newcode168 content/child/site_isolation_policy.cc:168: //alternative_data->insert(0, " "); This ...

7 years, 4 months ago (2013-08-22 23:05:22 UTC) #29