Changeset 202579 in webkit


Ignore:
Timestamp:
Jun 28, 2016 11:25:27 AM (8 years ago)
Author:
jer.noble@apple.com
Message:

Cross-domain video loads do not prompt for authorization.
https://bugs.webkit.org/show_bug.cgi?id=159195
<rdar://problem/26234612>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/media/video-auth.html (modified)

We should prompt for authorization when a cross-origin <video> is embedded
in a web page.

  • loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::requestResource):

LayoutTests:

Add a cross-origin authorization sub-test.

  • http/tests/media/video-auth.html:
  • http/tests/media/video-auth-expected.txt:
Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r202573 r202579  
     12016-06-28  Jer Noble  <jer.noble@apple.com>
     2
     3        Cross-domain video loads do not prompt for authorization.
     4        https://bugs.webkit.org/show_bug.cgi?id=159195
     5        <rdar://problem/26234612>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Add a cross-origin authorization sub-test.
     10
     11        * http/tests/media/video-auth.html:
     12        * http/tests/media/video-auth-expected.txt:
     13
    1142016-06-28  Ryan Haddad  <ryanhaddad@apple.com>
    215

  • trunk/LayoutTests/http/tests/media/video-auth-expected.txt

    r161455 r202579  
    11http://127.0.0.1:8000/media/resources/video-auth.php?name=test.mp4&type=video/mp4 - didReceiveAuthenticationChallenge - Responding with username:password
     2http://localhost:8000/media/resources/video-auth.php?name=test.mp4&type=video/mp4 - didReceiveAuthenticationChallenge - Responding with username:password
    23 
    3 Tests that the media player sends authorization credentials when requesting a media file. 
     4Tests that the media player sends authorization credentials when requesting a media file.
     5Testing same domain (127.0.0.1)
     6EVENT(canplay)
     7Testing cross domain (localhost)
    48EVENT(canplay)
    59END OF TEST

  • trunk/LayoutTests/http/tests/media/video-auth.html

    r161455 r202579  
    1111            }
    1212
    13             function loadMediaFrame()
     13            var tests;
     14            var media = findMediaFile('video', 'test');
     15            var type = mimeTypeForExtension(media.split('.').pop());
     16
     17            function startTests()
    1418            {
    1519                findMediaElement();
     20                waitForEventAndFail('error');
     21                waitForEvent('canplay', runNextTest);
    1622
    17                 var movie = findMediaFile('video', 'test');
    18                 var type = mimeTypeForExtension(movie.split('.').pop());
    19                 var frame = document.createElement('iframe');
    20                 frame.width = 0;
    21                 frame.height = 0;
    22                 frame.addEventListener('load', function () {
    23                         source = document.getElementById('source');
    24                         source.src = 'http://127.0.0.1:8000/media/resources/video-auth.php?name=' + movie + '&type=' + type;
    25                         source.type = type;
    26        
    27                         waitForEventAndFail('error');
    28                         waitForEventAndEnd('canplay');
    29                         video.load();
    30                 });
    31        
    32                 frame.src = "data:text/html,<b>test</b>";
    33                 document.body.appendChild(frame);
     23                tests = [
     24                    testSameDomain,
     25                    testCrossDomain,
     26                ];
     27
     28                runNextTest();
     29            }
     30
     31            function runNextTest()
     32            {
     33                var test = tests.shift();
     34                if (test)
     35                    test();
     36                else
     37                    endTest();
     38            }
     39
     40            function testSameDomain()
     41            {
     42                consoleWrite('Testing same domain (127.0.0.1)');
     43                video.src = 'http://127.0.0.1:8000/media/resources/video-auth.php?name=' + media + '&type=' + type;
     44                video.load();
     45            }
     46
     47            function testCrossDomain()
     48            {
     49                consoleWrite('Testing cross domain (localhost)');
     50                video.src = 'http://localhost:8000/media/resources/video-auth.php?name=' + media + '&type=' + type;
     51                video.load();
    3452            }
    3553        </script>
    3654    </head>
    3755
    38     <body onload="loadMediaFrame()">
    39         <video id="video">
    40             <source id="source">
    41         </video>
     56    <body onload="startTests()">
     57        <video></video>
    4258        <br>
    4359        Tests that the media player sends authorization credentials when requesting a media file.

  • trunk/Source/WebCore/ChangeLog

    r202578 r202579  
     12016-06-27  Jer Noble  <jer.noble@apple.com>
     2
     3        Cross-domain video loads do not prompt for authorization.
     4        https://bugs.webkit.org/show_bug.cgi?id=159195
     5        <rdar://problem/26234612>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Test: http/tests/media/video-auth.html (modified)
     10
     11        We should prompt for authorization when a cross-origin <video> is embedded
     12        in a web page.
     13
     14        * loader/MediaResourceLoader.cpp:
     15        (WebCore::MediaResourceLoader::requestResource):
     16
    1172016-06-28  Ryosuke Niwa  <rniwa@webkit.org>
    218

  • trunk/Source/WebCore/loader/MediaResourceLoader.cpp

    r200895 r202579  
    7979    // FIXME: Skip Content Security Policy check if the element that inititated this request
    8080    // is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
    81     CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
     81    CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, AskClientForAllCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
    8282
    8383    if (!m_crossOriginMode.isNull())
Note: See TracChangeset for help on using the changeset viewer.