Changeset 167073 in webkit

Timestamp:

Apr 10, 2014 8:46:10 AM (10 years ago)

Author:

commit-queue@webkit.org

Message:

[GStreamer] No CORS support for media elements
​https://bugs.webkit.org/show_bug.cgi?id=99037

Patch by Youenn Fablet <​youenn.fablet@crf.canon.fr> on 2014-04-10
Reviewed by Philippe Normand.

Source/WebCore:

Added CORS access control check to media sources when crossorigin attribute is set.

Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
Related test is http/tests/security/video-cross-origin-readback.html.

Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
Related test is http/tests/security/video-cross-origin-accessfailure.html.

Tests: http/tests/security/video-cross-origin-accessfailure.html

http/tests/security/video-cross-origin-accesssameorigin.html

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
• platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
(webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
(StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
(CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
(CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
(ResourceHandleStreamingClient::didReceiveResponse): No CORS check.

• platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

LayoutTests:

http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
are not played when crossorigin attribute is set.

http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams

are played when crossorigin attribute is set.

• http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
• http/tests/security/video-cross-origin-accessfailure.html: Added.
• http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
• http/tests/security/video-cross-origin-accesssameorigin.html: Added.
• platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
• platform/gtk/TestExpectations: Ditto.
• platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/video-cross-origin-accessfailure-expected.txt (added)
• LayoutTests/http/tests/security/video-cross-origin-accessfailure.html (added)
• LayoutTests/http/tests/security/video-cross-origin-accesssameorigin-expected.txt (added)
• LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html (added)
• LayoutTests/platform/efl/TestExpectations (modified) (1 diff)
• LayoutTests/platform/gtk/TestExpectations (modified) (1 diff)
• LayoutTests/platform/mac/TestExpectations (modified) (1 diff, 1 prop)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp (modified) (1 diff)
• Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h (modified) (1 diff)
• Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp (modified) (17 diffs)
• Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2014-04-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [GStreamer] No CORS support for media elements
+        https://bugs.webkit.org/show_bug.cgi?id=99037
+
+        Reviewed by Philippe Normand.
+
+        http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
+        are not played when crossorigin attribute is set.
+         http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams
+        are played when crossorigin attribute is set.
+
+        * http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
+        * http/tests/security/video-cross-origin-accessfailure.html: Added.
+        * http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
+        * http/tests/security/video-cross-origin-accesssameorigin.html: Added.
+        * platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
+        * platform/gtk/TestExpectations: Ditto.
+        * platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.
+
 2014-04-09  Alexey Proskuryakov  <ap@apple.com>
 

trunk/LayoutTests/platform/efl/TestExpectations

@@ -302 +302 @@
 # Pre-HMTL5 parser quirks only apply to the mac port for now.
 fast/parser/pre-html5-parser-quirks.html [ WontFix ]
-
-# No CORS support for media elements is implemented yet.
-Bug(EFL) http/tests/security/video-cross-origin-readback.html [ Failure ]
 
 # Perf tests are way too slow and some may fail due to timeout.

trunk/LayoutTests/platform/gtk/TestExpectations

@@ -304 +304 @@
 webkit.org/b/79203 webaudio/mediastreamaudiodestinationnode.html [ Skip ]
 webkit.org/b/79203 webaudio/mediastreamaudiosourcenode.html [ Skip ]
-
-# No CORS support for media elements is implemented yet.
-webkit.org/b/99037 http/tests/security/video-cross-origin-readback.html [ Failure ]
 
 # New test infrastructure required -- need isolated worlds

trunk/LayoutTests/platform/mac/TestExpectations

@@ -504 +504 @@
 # No CORS support for media elements is implemented yet.
 http/tests/security/video-cross-origin-readback.html
+http/tests/security/video-cross-origin-accessfailure.html
 
 # media/audio-repaint.html sometimes fails on Lion Debug (Tests)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-04-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [GStreamer] No CORS support for media elements
+        https://bugs.webkit.org/show_bug.cgi?id=99037
+
+        Reviewed by Philippe Normand.
+
+        Added CORS access control check to media sources when crossorigin attribute is set.
+
+        Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
+        Related test is http/tests/security/video-cross-origin-readback.html.
+
+        Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
+        Related test is http/tests/security/video-cross-origin-accessfailure.html.
+
+        Tests: http/tests/security/video-cross-origin-accessfailure.html
+               http/tests/security/video-cross-origin-accesssameorigin.html
+
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
+        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+        (webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
+        (webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
+        (StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
+        (CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
+        (CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
+        (ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
+        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.
+
 2014-04-10  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
 

trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp

@@ -1892 +1892 @@
 }
 
+bool MediaPlayerPrivateGStreamer::didPassCORSAccessCheck() const
+{
+    if (m_source)
+        return webKitSrcPassedCORSAccessCheck(WEBKIT_WEB_SRC(m_source.get()));
+    return false;
+}
+
 }
 

trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h

@@ -160 +160 @@
     virtual String engineDescription() const { return "GStreamer"; }
     virtual bool isLiveStream() const { return m_isStreaming; }
+    virtual bool didPassCORSAccessCheck() const;
 
 private:

trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp

@@ -28 +28 @@
 #include "CachedResourceLoader.h"
 #include "CachedResourceRequest.h"
+#include "CrossOriginAccessControl.h"
 #include "GRefPtrGStreamer.h"
 #include "GStreamerUtilities.h"
@@ -36 +37 @@
 #include "ResourceRequest.h"
 #include "ResourceResponse.h"
+#include "SecurityOrigin.h"
 #include "SharedBuffer.h"
 #include <gst/app/gstappsrc.h>
@@ -49 +51 @@
 using namespace WebCore;
 
+enum CORSAccessCheckResult {
+    CORSNoCheck,
+    CORSSuccess,
+    CORSFailure
+};
+
 class StreamingClient {
     public:
@@ -59 +67 @@
     protected:
         char* createReadBuffer(size_t requestedSize, size_t& actualSize);
-        void handleResponseReceived(const ResourceResponse&);
+        void handleResponseReceived(const ResourceResponse&, CORSAccessCheckResult);
         void handleDataReceived(const char*, int);
         void handleNotifyFinished();
@@ -69 +77 @@
     WTF_MAKE_NONCOPYABLE(CachedResourceStreamingClient); WTF_MAKE_FAST_ALLOCATED;
     public:
-        CachedResourceStreamingClient(WebKitWebSrc*, CachedResourceLoader*, const ResourceRequest&);
+        CachedResourceStreamingClient(WebKitWebSrc*, CachedResourceLoader*, const ResourceRequest&, MediaPlayerClient::CORSMode);
         virtual ~CachedResourceStreamingClient();
 
@@ -84 +92 @@
 
         CachedResourceHandle<CachedRawResource> m_resource;
+        RefPtr<SecurityOrigin> m_origin;
 };
 
@@ -120 +129 @@
 
     StreamingClient* client;
+
+    CORSAccessCheckResult corsAccessCheck;
 
     guint64 offset;
@@ -438 +449 @@
     GMutexLocker locker(GST_OBJECT_GET_LOCK(src));
 
+    priv->corsAccessCheck = CORSNoCheck;
+
     if (!priv->uri) {
         GST_ERROR_OBJECT(src, "No URI provided");
@@ -484 +497 @@
     if (priv->player) {
         if (CachedResourceLoader* loader = priv->player->cachedResourceLoader())
-            priv->client = new CachedResourceStreamingClient(src, loader, request);
+            priv->client = new CachedResourceStreamingClient(src, loader, request, priv->player->mediaPlayerClient()->mediaPlayerCORSMode());
     }
 
@@ -754 +767 @@
 }
 
+bool webKitSrcPassedCORSAccessCheck(WebKitWebSrc* src)
+{
+    return src->priv->corsAccessCheck == CORSSuccess;
+}
+
 StreamingClient::StreamingClient(WebKitWebSrc* src)
     : m_src(adoptGRef(static_cast<GstElement*>(gst_object_ref(src))))
@@ -782 +800 @@
 }
 
-void StreamingClient::handleResponseReceived(const ResourceResponse& response)
+void StreamingClient::handleResponseReceived(const ResourceResponse& response, CORSAccessCheckResult corsAccessCheck)
 {
     WebKitWebSrc* src = WEBKIT_WEB_SRC(m_src.get());
@@ -789 +807 @@
     GST_DEBUG_OBJECT(src, "Received response: %d", response.httpStatusCode());
 
-    if (response.httpStatusCode() >= 400) {
-        // Received error code
-        GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (0));
+    if (response.httpStatusCode() >= 400 || corsAccessCheck == CORSFailure) {
+        // Received error code or CORS check failed
+        if (corsAccessCheck == CORSFailure)
+            GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Cross-origin stream load denied by Cross-Origin Resource Sharing policy."), (nullptr));
+        else
+            GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (nullptr));
         gst_app_src_end_of_stream(priv->appsrc);
         webKitWebSrcStop(src);
@@ -798 +819 @@
 
     GMutexLocker locker(GST_OBJECT_GET_LOCK(src));
+
+    priv->corsAccessCheck = corsAccessCheck;
 
     if (priv->seekSource.isActive()) {
@@ -812 +835 @@
             // Range request completely failed.
             locker.unlock();
-            GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received unexpected %d HTTP status code", response.httpStatusCode()), (0));
+            GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received unexpected %d HTTP status code", response.httpStatusCode()), (nullptr));
             gst_app_src_end_of_stream(priv->appsrc);
             webKitWebSrcStop(src);
@@ -970 +993 @@
 }
 
-CachedResourceStreamingClient::CachedResourceStreamingClient(WebKitWebSrc* src, CachedResourceLoader* resourceLoader, const ResourceRequest& request)
+CachedResourceStreamingClient::CachedResourceStreamingClient(WebKitWebSrc* src, CachedResourceLoader* resourceLoader, const ResourceRequest& request, MediaPlayerClient::CORSMode corsMode)
     : StreamingClient(src)
 {
     DataBufferingPolicy bufferingPolicy = request.url().protocolIs("blob") ? BufferData : DoNotBufferData;
-    CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType));
+    RequestOriginPolicy corsPolicy = corsMode != MediaPlayerClient::Unspecified ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType;
+    StoredCredentials allowCredentials = corsMode == MediaPlayerClient::UseCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials;
+    ResourceLoaderOptions options(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy);
+
+    CachedResourceRequest cacheRequest(request, options);
+
+    if (corsMode != MediaPlayerClient::Unspecified) {
+        m_origin = resourceLoader->document() ? resourceLoader->document()->securityOrigin() : nullptr;
+        updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), m_origin.get(), allowCredentials);
+    }
+
+    // TODO: Decide whether to use preflight mode for cross-origin requests (see http://wkbug.com/131484).
     m_resource = resourceLoader->requestRawResource(cacheRequest);
     if (m_resource)
@@ -1004 +1038 @@
 }
 
-void CachedResourceStreamingClient::responseReceived(CachedResource*, const ResourceResponse& response)
-{
-    handleResponseReceived(response);
+void CachedResourceStreamingClient::responseReceived(CachedResource* resource, const ResourceResponse& response)
+{
+    CORSAccessCheckResult corsAccessCheck = CORSNoCheck;
+    if (m_origin)
+        corsAccessCheck = (m_origin->canRequest(response.url()) || resource->passesAccessControlCheck(m_origin.get())) ? CORSSuccess : CORSFailure;
+    handleResponseReceived(response, corsAccessCheck);
 }
 
@@ -1068 +1105 @@
 void ResourceHandleStreamingClient::didReceiveResponse(ResourceHandle*, const ResourceResponse& response)
 {
-    handleResponseReceived(response);
+    handleResponseReceived(response, CORSNoCheck);
 }
 

trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h

@@ -48 +48 @@
 GType webkit_web_src_get_type(void);
 void webKitWebSrcSetMediaPlayer(WebKitWebSrc*, WebCore::MediaPlayer*);
+bool webKitSrcPassedCORSAccessCheck(WebKitWebSrc*);
 
 G_END_DECLS