Changeset 167193 in webkit
- Timestamp: Apr 13, 2014 2:33:30 AM (10 years ago)
- Location: trunk
- Files: 4 added, 9 edited
trunk/LayoutTests/ChangeLog
r167192 r167193 1 2014-04-13 Youenn Fablet <youenn.fablet@crf.canon.fr> 2 3 [GStreamer] No CORS support for media elements 4 https://bugs.webkit.org/show_bug.cgi?id=99037 5 6 Reviewed by Philippe Normand. 7 8 http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check 9 are not played when crossorigin attribute is set. 10 http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams 11 are played when crossorigin attribute is set. 12 13 * http/tests/security/video-cross-origin-accessfailure-expected.txt: Added. 14 * http/tests/security/video-cross-origin-accessfailure.html: Added. 15 * http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added. 16 * http/tests/security/video-cross-origin-accesssameorigin.html: Added. 17 * platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html. 18 * platform/gtk/TestExpectations: Ditto. 19 * platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html. 20 1 21 2014-04-13 Darin Adler <darin@apple.com> 2 22 -
trunk/LayoutTests/platform/efl/TestExpectations
r167185 r167193 301 301 # Pre-HMTL5 parser quirks only apply to the mac port for now. 302 302 fast/parser/pre-html5-parser-quirks.html [ WontFix ] 303 304 # No CORS support for media elements is implemented yet.305 Bug(EFL) http/tests/security/video-cross-origin-readback.html [ Failure ]306 303 307 304 # Perf tests are way too slow and some may fail due to timeout. -
trunk/LayoutTests/platform/gtk/TestExpectations
r167185 r167193 300 300 webkit.org/b/79203 webaudio/mediastreamaudiodestinationnode.html [ Skip ] 301 301 webkit.org/b/79203 webaudio/mediastreamaudiosourcenode.html [ Skip ] 302 303 # No CORS support for media elements is implemented yet.304 webkit.org/b/99037 http/tests/security/video-cross-origin-readback.html [ Failure ]305 302 306 303 # New test infrastructure required -- need isolated worlds -
trunk/LayoutTests/platform/mac/TestExpectations
-
Property
svn:executable
set to
*
r167192 r167193 504 504 # No CORS support for media elements is implemented yet. 505 505 http/tests/security/video-cross-origin-readback.html 506 http/tests/security/video-cross-origin-accessfailure.html 506 507 507 508 # media/audio-repaint.html sometimes fails on Lion Debug (Tests) -
Property
svn:executable
set to
-
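Review bot: The property block on trunk/LayoutTests/platform/mac/TestExpectations shows svn:executable being set on a plain-text expectations file, which looks unintended; drop the property change from the commit. The one-line addition of http/tests/security/video-cross-origin-accessfailure.html under the existing "No CORS support for media elements is implemented yet." comment is otherwise consistent with the entry above it.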
trunk/Source/WebCore/ChangeLog
r167192 r167193 1 2014-04-13 Youenn Fablet <youenn.fablet@crf.canon.fr> 2 3 [GStreamer] No CORS support for media elements 4 https://bugs.webkit.org/show_bug.cgi?id=99037 5 6 Reviewed by Philippe Normand. 7 8 Added CORS access control check to media sources when crossorigin attribute is set. 9 10 Added getter to CORS access control check status (used to compute whether the stream is tainted or not). 11 Related test is http/tests/security/video-cross-origin-readback.html. 12 13 Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set. 14 Related test is http/tests/security/video-cross-origin-accessfailure.html. 15 16 Tests: http/tests/security/video-cross-origin-accessfailure.html 17 http/tests/security/video-cross-origin-accesssameorigin.html 18 19 * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: 20 (WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer. 21 * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration. 22 * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: 23 (webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading. 24 (webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful. 25 (StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result. 26 (CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode. 27 (CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived. 28 (ResourceHandleStreamingClient::didReceiveResponse): No CORS check. 29 * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration. 
30 1 31 2014-04-12 Darin Adler <darin@apple.com> 2 32 -
trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
r167098 r167193 1892 1892 } 1893 1893 1894 bool MediaPlayerPrivateGStreamer::didPassCORSAccessCheck() const 1895 { 1896 if (WEBKIT_IS_WEB_SRC(m_source.get())) 1897 return webKitSrcPassedCORSAccessCheck(WEBKIT_WEB_SRC(m_source.get())); 1898 return false; 1899 } 1900 1894 1901 } 1895 1902 -
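Review bot: In MediaPlayerPrivateGStreamer::didPassCORSAccessCheck(), the fallback `return false;` for a source that is not a WebKitWebSrc is undocumented. It is the safe default, since such media is then treated as not having passed the check, but a one-line comment stating that this is deliberate would keep a later change from flipping it to true.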
trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h
r167098 r167193 160 160 virtual String engineDescription() const { return "GStreamer"; } 161 161 virtual bool isLiveStream() const { return m_isStreaming; } 162 virtual bool didPassCORSAccessCheck() const; 162 163 163 164 private: -
trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp
r167098 r167193 28 28 #include "CachedResourceLoader.h" 29 29 #include "CachedResourceRequest.h" 30 #include "CrossOriginAccessControl.h" 30 31 #include "GRefPtrGStreamer.h" 31 32 #include "GStreamerUtilities.h" … … 36 37 #include "ResourceRequest.h" 37 38 #include "ResourceResponse.h" 39 #include "SecurityOrigin.h" 38 40 #include "SharedBuffer.h" 39 41 #include <gst/app/gstappsrc.h> … … 49 51 using namespace WebCore; 50 52 53 enum CORSAccessCheckResult { 54 CORSNoCheck, 55 CORSSuccess, 56 CORSFailure 57 }; 58 51 59 class StreamingClient { 52 60 public: … … 59 67 protected: 60 68 char* createReadBuffer(size_t requestedSize, size_t& actualSize); 61 void handleResponseReceived(const ResourceResponse& );69 void handleResponseReceived(const ResourceResponse&, CORSAccessCheckResult); 62 70 void handleDataReceived(const char*, int); 63 71 void handleNotifyFinished(); … … 69 77 WTF_MAKE_NONCOPYABLE(CachedResourceStreamingClient); WTF_MAKE_FAST_ALLOCATED; 70 78 public: 71 CachedResourceStreamingClient(WebKitWebSrc*, CachedResourceLoader*, const ResourceRequest& );79 CachedResourceStreamingClient(WebKitWebSrc*, CachedResourceLoader*, const ResourceRequest&, MediaPlayerClient::CORSMode); 72 80 virtual ~CachedResourceStreamingClient(); 73 81 … … 84 92 85 93 CachedResourceHandle<CachedRawResource> m_resource; 94 RefPtr<SecurityOrigin> m_origin; 86 95 }; 87 96 … … 120 129 121 130 StreamingClient* client; 131 132 CORSAccessCheckResult corsAccessCheck; 122 133 123 134 guint64 offset; … … 438 449 GMutexLocker locker(GST_OBJECT_GET_LOCK(src)); 439 450 451 priv->corsAccessCheck = CORSNoCheck; 452 440 453 if (!priv->uri) { 441 454 GST_ERROR_OBJECT(src, "No URI provided"); … … 484 497 if (priv->player) { 485 498 if (CachedResourceLoader* loader = priv->player->cachedResourceLoader()) 486 priv->client = new CachedResourceStreamingClient(src, loader, request );499 priv->client = new CachedResourceStreamingClient(src, loader, request, 
priv->player->mediaPlayerClient()->mediaPlayerCORSMode()); 487 500 } 488 501 … … 754 767 } 755 768 769 bool webKitSrcPassedCORSAccessCheck(WebKitWebSrc* src) 770 { 771 return src->priv->corsAccessCheck == CORSSuccess; 772 } 773 756 774 StreamingClient::StreamingClient(WebKitWebSrc* src) 757 775 : m_src(adoptGRef(static_cast<GstElement*>(gst_object_ref(src)))) … … 782 800 } 783 801 784 void StreamingClient::handleResponseReceived(const ResourceResponse& response )802 void StreamingClient::handleResponseReceived(const ResourceResponse& response, CORSAccessCheckResult corsAccessCheck) 785 803 { 786 804 WebKitWebSrc* src = WEBKIT_WEB_SRC(m_src.get()); … … 789 807 GST_DEBUG_OBJECT(src, "Received response: %d", response.httpStatusCode()); 790 808 791 if (response.httpStatusCode() >= 400) { 792 // Received error code 793 GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (0)); 809 if (response.httpStatusCode() >= 400 || corsAccessCheck == CORSFailure) { 810 // Received error code or CORS check failed 811 if (corsAccessCheck == CORSFailure) 812 GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Cross-origin stream load denied by Cross-Origin Resource Sharing policy."), (nullptr)); 813 else 814 GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (nullptr)); 794 815 gst_app_src_end_of_stream(priv->appsrc); 795 816 webKitWebSrcStop(src); … … 798 819 799 820 GMutexLocker locker(GST_OBJECT_GET_LOCK(src)); 821 822 priv->corsAccessCheck = corsAccessCheck; 800 823 801 824 if (priv->seekSource.isActive()) { … … 812 835 // Range request completely failed. 
813 836 locker.unlock(); 814 GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received unexpected %d HTTP status code", response.httpStatusCode()), ( 0));837 GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received unexpected %d HTTP status code", response.httpStatusCode()), (nullptr)); 815 838 gst_app_src_end_of_stream(priv->appsrc); 816 839 webKitWebSrcStop(src); … … 970 993 } 971 994 972 CachedResourceStreamingClient::CachedResourceStreamingClient(WebKitWebSrc* src, CachedResourceLoader* resourceLoader, const ResourceRequest& request )995 CachedResourceStreamingClient::CachedResourceStreamingClient(WebKitWebSrc* src, CachedResourceLoader* resourceLoader, const ResourceRequest& request, MediaPlayerClient::CORSMode corsMode) 973 996 : StreamingClient(src) 974 997 { 975 998 DataBufferingPolicy bufferingPolicy = request.url().protocolIs("blob") ? BufferData : DoNotBufferData; 976 CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType)); 999 RequestOriginPolicy corsPolicy = corsMode != MediaPlayerClient::Unspecified ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType; 1000 StoredCredentials allowCredentials = corsMode == MediaPlayerClient::UseCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials; 1001 ResourceLoaderOptions options(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy); 1002 1003 CachedResourceRequest cacheRequest(request, options); 1004 1005 if (corsMode != MediaPlayerClient::Unspecified) { 1006 m_origin = resourceLoader->document() ? 
resourceLoader->document()->securityOrigin() : nullptr; 1007 updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), m_origin.get(), allowCredentials); 1008 } 1009 1010 // TODO: Decide whether to use preflight mode for cross-origin requests (see http://wkbug.com/131484). 977 1011 m_resource = resourceLoader->requestRawResource(cacheRequest); 978 1012 if (m_resource) … … 1004 1038 } 1005 1039 1006 void CachedResourceStreamingClient::responseReceived(CachedResource*, const ResourceResponse& response) 1007 { 1008 handleResponseReceived(response); 1040 void CachedResourceStreamingClient::responseReceived(CachedResource* resource, const ResourceResponse& response) 1041 { 1042 CORSAccessCheckResult corsAccessCheck = CORSNoCheck; 1043 if (m_origin) 1044 corsAccessCheck = (m_origin->canRequest(response.url()) || resource->passesAccessControlCheck(m_origin.get())) ? CORSSuccess : CORSFailure; 1045 handleResponseReceived(response, corsAccessCheck); 1009 1046 } 1010 1047 … … 1068 1105 void ResourceHandleStreamingClient::didReceiveResponse(ResourceHandle*, const ResourceResponse& response) 1069 1106 { 1070 handleResponseReceived(response );1107 handleResponseReceived(response, CORSNoCheck); 1071 1108 } 1072 1109 -
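Review bot: webKitSrcPassedCORSAccessCheck() reads `src->priv->corsAccessCheck` without taking the object lock, while both writes in this patch (the reset to CORSNoCheck in webKitWebSrcStart and the assignment in StreamingClient::handleResponseReceived) happen under `GMutexLocker locker(GST_OBJECT_GET_LOCK(src));`. Take the same lock in the getter, or add a comment explaining why an unlocked read is acceptable, since this value decides whether the stream is reported as having passed the check.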
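Review bot: In the CachedResourceStreamingClient constructor, m_origin is set to nullptr when `resourceLoader->document()` is null, and that possibly null pointer is still handed to updateRequestForAccessControl(). responseReceived() then skips the check because of `if (m_origin)` and passes CORSNoCheck, so a load with the crossorigin attribute set is not stopped on that path. Handle the missing document explicitly, for example by guarding the updateRequestForAccessControl() call and reporting CORSFailure when corsMode is not MediaPlayerClient::Unspecified and no origin is available.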
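Review bot: ResourceHandleStreamingClient::didReceiveResponse() passes CORSNoCheck unconditionally, so on this client the crossorigin mode is never enforced and a cross-origin load that would fail the check is not stopped; the only visible effect is that webKitSrcPassedCORSAccessCheck() returns false. State that in a comment at the call, or pass the CORS mode to this client as well so that both streaming clients behave the same way.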
trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h
r167098 r167193 48 48 GType webkit_web_src_get_type(void); 49 49 void webKitWebSrcSetMediaPlayer(WebKitWebSrc*, WebCore::MediaPlayer*); 50 bool webKitSrcPassedCORSAccessCheck(WebKitWebSrc*); 50 51 51 52 G_END_DECLS