Commit 6043d575 authored by Kershaw Chang's avatar Kershaw Chang
Browse files

Bug 1687364 - Telemetry probe for the outcomes of Authorization header,...

Bug 1687364 - Telemetry probe for the outcomes of Authorization header, r=freddyb,necko-reviewers,valentin

Depends on D178043

Differential Revision: https://phabricator.services.mozilla.com/D178151
parent 0a5356e5
Loading
Loading
Loading
Loading
+18 −0
Original line number Diff line number Diff line
@@ -129,3 +129,21 @@ network:
    telemetry_mirror: NETWORKING_DATA_TRANSFERRED_PB_PER_CONTENT_TYPE
    no_lint:
      - COMMON_PREFIX

  cors_authorization_header:
    type: labeled_counter
    labels:
      - allowed
      - disallowed
      - covered_by_wildcard
    description: >
      Count how many times we see `Authorization` header in
      `Access-Control-Request-Headers` header and the possible outcomes.
    bugs:
      - https://bugzilla.mozilla.org/show_bug.cgi?id=1687364
    data_reviews:
      - https://bugzilla.mozilla.org/show_bug.cgi?id=1687364
    notification_emails:
      - necko@mozilla.com
      - kershaw@mozilla.com
    expires: 130
+19 −1
Original line number Diff line number Diff line
@@ -52,6 +52,7 @@
#include "mozilla/dom/nsHTTPSOnlyUtils.h"
#include "mozilla/dom/ReferrerInfo.h"
#include "mozilla/dom/RequestBinding.h"
#include "mozilla/glean/GleanMetrics.h"
#include <algorithm>

using namespace mozilla;
@@ -1440,11 +1441,17 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
    }
  }

  bool authorizationInPreflightHeaders = false;
  bool authorizationCoveredByWildcard = false;
  for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
    // Cache the result of the authorization header.
    bool isAuthorization =
        mPreflightHeaders[i].LowerCaseEqualsASCII("authorization");
    if (wildcard) {
      if (!mPreflightHeaders[i].LowerCaseEqualsASCII("authorization")) {
      if (!isAuthorization) {
        continue;
      } else {
        authorizationInPreflightHeaders = true;
        if (StaticPrefs::
                network_cors_preflight_authorization_covered_by_wildcard() &&
            !hasAuthorizationHeader) {
@@ -1453,6 +1460,10 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
          // console.
          LogBlockedRequest(aRequest, "CORSAllowHeaderFromPreflightDeprecation",
                            nullptr, 0, parentHttpChannel, true);
          glean::network::cors_authorization_header
              .Get("covered_by_wildcard"_ns)
              .Add(1);
          authorizationCoveredByWildcard = true;
          continue;
        }
      }
@@ -1465,10 +1476,17 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
          NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
          nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
          parentHttpChannel);
      if (isAuthorization) {
        glean::network::cors_authorization_header.Get("disallowed"_ns).Add(1);
      }
      return NS_ERROR_DOM_BAD_URI;
    }
  }

  if (authorizationInPreflightHeaders && !authorizationCoveredByWildcard) {
    glean::network::cors_authorization_header.Get("allowed"_ns).Add(1);
  }

  return NS_OK;
}