Changeset 202579 in webkit
- Timestamp:
- Jun 28, 2016 11:25:27 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r202573 r202579 1 2016-06-28 Jer Noble <jer.noble@apple.com> 2 3 Cross-domain video loads do not prompt for authorization. 4 https://bugs.webkit.org/show_bug.cgi?id=159195 5 <rdar://problem/26234612> 6 7 Reviewed by Brent Fulgham. 8 9 Add a cross-origin authorization sub-test. 10 11 * http/tests/media/video-auth.html: 12 * http/tests/media/video-auth-expected.txt: 13 1 14 2016-06-28 Ryan Haddad <ryanhaddad@apple.com> 2 15 -
trunk/LayoutTests/http/tests/media/video-auth-expected.txt
r161455 r202579 1 1 http://127.0.0.1:8000/media/resources/video-auth.php?name=test.mp4&type=video/mp4 - didReceiveAuthenticationChallenge - Responding with username:password 2 http://localhost:8000/media/resources/video-auth.php?name=test.mp4&type=video/mp4 - didReceiveAuthenticationChallenge - Responding with username:password 2 3 3 Tests that the media player sends authorization credentials when requesting a media file. 4 Tests that the media player sends authorization credentials when requesting a media file. 5 Testing same domain (127.0.0.1) 6 EVENT(canplay) 7 Testing cross domain (localhost) 4 8 EVENT(canplay) 5 9 END OF TEST -
trunk/LayoutTests/http/tests/media/video-auth.html
r161455 r202579 11 11 } 12 12 13 function loadMediaFrame() 13 var tests; 14 var media = findMediaFile('video', 'test'); 15 var type = mimeTypeForExtension(media.split('.').pop()); 16 17 function startTests() 14 18 { 15 19 findMediaElement(); 20 waitForEventAndFail('error'); 21 waitForEvent('canplay', runNextTest); 16 22 17 var movie = findMediaFile('video', 'test'); 18 var type = mimeTypeForExtension(movie.split('.').pop()); 19 var frame = document.createElement('iframe'); 20 frame.width = 0; 21 frame.height = 0; 22 frame.addEventListener('load', function () { 23 source = document.getElementById('source'); 24 source.src = 'http://127.0.0.1:8000/media/resources/video-auth.php?name=' + movie + '&type=' + type; 25 source.type = type; 26 27 waitForEventAndFail('error'); 28 waitForEventAndEnd('canplay'); 29 video.load(); 30 }); 31 32 frame.src = "data:text/html,<b>test</b>"; 33 document.body.appendChild(frame); 23 tests = [ 24 testSameDomain, 25 testCrossDomain, 26 ]; 27 28 runNextTest(); 29 } 30 31 function runNextTest() 32 { 33 var test = tests.shift(); 34 if (test) 35 test(); 36 else 37 endTest(); 38 } 39 40 function testSameDomain() 41 { 42 consoleWrite('Testing same domain (127.0.0.1)'); 43 video.src = 'http://127.0.0.1:8000/media/resources/video-auth.php?name=' + media + '&type=' + type; 44 video.load(); 45 } 46 47 function testCrossDomain() 48 { 49 consoleWrite('Testing cross domain (localhost)'); 50 video.src = 'http://localhost:8000/media/resources/video-auth.php?name=' + media + '&type=' + type; 51 video.load(); 34 52 } 35 53 </script> 36 54 </head> 37 55 38 <body onload="loadMediaFrame()"> 39 <video id="video"> 40 <source id="source"> 41 </video> 56 <body onload="startTests()"> 57 <video></video> 42 58 <br> 43 59 Tests that the media player sends authorization credentials when requesting a media file. -
trunk/Source/WebCore/ChangeLog
r202578 r202579 1 2016-06-27 Jer Noble <jer.noble@apple.com> 2 3 Cross-domain video loads do not prompt for authorization. 4 https://bugs.webkit.org/show_bug.cgi?id=159195 5 <rdar://problem/26234612> 6 7 Reviewed by Brent Fulgham. 8 9 Test: http/tests/media/video-auth.html (modified) 10 11 We should prompt for authorization when a cross-origin <video> is embedded 12 in a web page. 13 14 * loader/MediaResourceLoader.cpp: 15 (WebCore::MediaResourceLoader::requestResource): 16 1 17 2016-06-28 Ryosuke Niwa <rniwa@webkit.org> 2 18 -
trunk/Source/WebCore/loader/MediaResourceLoader.cpp
r200895 r202579 79 79 // FIXME: Skip Content Security Policy check if the element that inititated this request 80 80 // is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>. 81 CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));81 CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, AskClientForAllCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy)); 82 82 83 83 if (!m_crossOriginMode.isNull())
Note: See TracChangeset
for help on using the changeset viewer.