Changeset 205750 in webkit


Ignore:
Timestamp:
Sep 9, 2016 10:24:58 AM (8 years ago)
Author:
commit-queue@webkit.org
Message:

TextTrackLoader should use FetchOptions::mode according its crossOrigin attribute
https://bugs.webkit.org/show_bug.cgi?id=161792

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-09
Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/addCue-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/removeCue-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/endTime-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/id-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/pauseOnExit-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/startTime-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/track-expected.txt:

Source/WebCore:

Covered by existing and updated tests.

Updating text track loader to use fetch mode according crossOrigin value.

Removed the check done in the case the crossOrigin value is not set.
Previously cross-origin loads were forbidden, now this is authorized.
This change allows aligning with the spec.
Also, this check could be bypassed in the case of a same-origin URL redirecting to a cross-origin one.

  • loader/TextTrackLoader.cpp:

(WebCore::TextTrackLoader::notifyFinished): Checking resource error in lieu of doing CORS checks on its own.
(WebCore::TextTrackLoader::load): Using CachedResourceRequest::setAsPotentiallyCrossOrigin

  • loader/TextTrackLoader.h:
  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::loadFrom): Setting loading and status values as would be done when load is finished.
(WebCore::CachedResource::setBodyDataFrom): Default implementation is to copy the shared buffer.

  • loader/cache/CachedResource.h:
  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Enabling resource update when mode or origin is different for TextTrack resources.

LayoutTests:

  • http/tests/security/text-track-crossorigin-expected.txt:
  • http/tests/security/text-track-crossorigin.html: Updating test to be more robust against timeout.

Updated test to succeed doing no-cors loading of cross-origin resources.

Location:
trunk
Files:
17 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r205748 r205750  
     12016-09-09  Youenn Fablet  <youenn@apple.com>
     2
     3        TextTrackLoader should use FetchOptions::mode according its crossOrigin attribute
     4        https://bugs.webkit.org/show_bug.cgi?id=161792
     5
     6        Reviewed by Eric Carlson.
     7
     8        * http/tests/security/text-track-crossorigin-expected.txt:
     9        * http/tests/security/text-track-crossorigin.html: Updating test to be more robust against timeout.
     10        Updated test to succeed doing no-cors loading of cross-origin resources.
     11
    1122016-09-09  Ryan Haddad  <ryanhaddad@apple.com>
    213
  • trunk/LayoutTests/http/tests/security/text-track-crossorigin-expected.txt

    r158743 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
     1CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
    22CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    33Tests loading cross-domain <track>.
     
    55
    66Loading without Access-Control-Allow-Origin header, no "crossorigin" attribute on <video>
    7 EVENT(error)
    8 PASS: shouldLoad should be 'false' and is.
     7EVENT(load)
     8PASS: shouldLoad should be 'true' and is.
    99PASS: event.target should be '[object HTMLTrackElement]' and is.
    10 PASS: trackElement.readyState should be '3' and is.
     10PASS: trackElement.readyState should be '2' and is.
    1111
    1212
  • trunk/LayoutTests/http/tests/security/text-track-crossorigin.html

    r138766 r205750  
    55        <script>
    66
    7             var shouldLoad = false;
     7            var shouldLoad = true;
    88            var counter = 0;
    99
     
    3030                log('<br>');
    3131                switch(counter) {
     32                case 0:
     33                    log('Loading <b>without</b> Access-Control-Allow-Origin header, setting video.crossorigin to "anonymous"');
     34                    url = "http://localhost:8000/security/resources/captions-with-access-control-headers.php?count=" + counter;
     35                    videoElement.setAttribute('crossorigin', 'anonymous');
     36                    trackElement.removeAttribute('src');
     37                    trackElement.setAttribute('src', url);
     38                    shouldLoad = false;
     39                    ++counter;
     40                    break;
     41
    3242                case 2:
    3343                    log('Loading <b>with</b> Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers, setting video.crossorigin to "use-credentials"');
     
    4050                case 3:
    4151                    log("END OF TEST");
     52                    if (window.testRunner)
     53                        testRunner.notifyDone();
     54                defaut:
    4255                    if (window.testRunner)
    4356                        testRunner.notifyDone();
     
    5770                log('<br>');
    5871                switch(counter) {
    59                 case 0:
    60                     log('Loading <b>without</b> Access-Control-Allow-Origin header, setting video.crossorigin to "anonymous"');
    61                     url = "http://localhost:8000/security/resources/captions-with-access-control-headers.php?count=" + counter;
    62                     videoElement.setAttribute('crossorigin', 'anonymous');
    63                     trackElement.removeAttribute('src');
    64                     trackElement.setAttribute('src', url);
    65                     ++counter;
    66                     break;
    67 
    6872                case 1:
    6973                    log('Loading <b>with</b> Access-Control-Allow-Origin header, leaving video.crossorigin as "anonymous"');
     
    7377                    ++counter;
    7478                    break;
     79                defaut:
     80                    if (window.testRunner)
     81                        testRunner.notifyDone();
    7582                }
    76 
    7783            }
    7884
  • trunk/LayoutTests/imported/w3c/ChangeLog

    r205743 r205750  
     12016-09-09  Youenn Fablet  <youenn@apple.com>
     2
     3        TextTrackLoader should use FetchOptions::mode according its crossOrigin attribute
     4        https://bugs.webkit.org/show_bug.cgi?id=161792
     5
     6        Reviewed by Eric Carlson.
     7
     8        Rebaseline W3C test now that more checks are passing.
     9
     10        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/addCue-expected.txt:
     11        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/removeCue-expected.txt:
     12        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/endTime-expected.txt:
     13        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/id-expected.txt:
     14        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/pauseOnExit-expected.txt:
     15        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/startTime-expected.txt:
     16        * web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/track-expected.txt:
     17
    1182016-09-09  Youenn Fablet  <youenn@apple.com>
    219
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/addCue-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrack.addCue(), adding a cue to two different tracks
     
    54PASS TextTrack.addCue(), adding a removed cue to a different track
    65PASS TextTrack.addCue(), adding an associated but removed cue to the same track
    7 FAIL TextTrack.addCue(), adding a cue associated with a track element to other track assert_unreached: got error event Reached unreachable code
     6PASS TextTrack.addCue(), adding a cue associated with a track element to other track
    87
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/removeCue-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrack.removeCue(), two elementless tracks
    4 FAIL TextTrack.removeCue(), cue from track element assert_unreached: got error event Reached unreachable code
     3PASS TextTrack.removeCue(), cue from track element
    54
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/endTime-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrackCue.endTime, script-created cue
    4 FAIL TextTrackCue.endTime, parsed cue assert_unreached: got error event Reached unreachable code
     3FAIL TextTrackCue.endTime, parsed cue null is not an object (evaluating 'assert_equals')
    54
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/id-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrackCue.id, script-created cue
    4 FAIL TextTrackCue.id, parsed cue assert_unreached: got error event Reached unreachable code
     3FAIL TextTrackCue.id, parsed cue null is not an object (evaluating 'assert_equals')
    54
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/pauseOnExit-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrackCue.pauseOnExit, script-created cue
    4 FAIL TextTrackCue.pauseOnExit, parsed cue assert_unreached: got error event Reached unreachable code
     3FAIL TextTrackCue.pauseOnExit, parsed cue null is not an object (evaluating 't.track.cues')
    54
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/startTime-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrackCue.startTime, script-created cue
    4 FAIL TextTrackCue.startTime, parsed cue assert_unreached: got error event Reached unreachable code
     3FAIL TextTrackCue.startTime, parsed cue null is not an object (evaluating 'assert_equals')
    54
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/track-expected.txt

    r204090 r205750  
    1 CONSOLE MESSAGE: Cross-origin text track load denied by Cross-Origin Resource Sharing policy.
    21
    32PASS TextTrackCue.track, script-created cue
    4 FAIL TextTrackCue.track, parsed cue assert_unreached: got error event Reached unreachable code
     3FAIL TextTrackCue.track, parsed cue null is not an object (evaluating 't.track.cues')
    54
  • trunk/Source/WebCore/ChangeLog

    r205749 r205750  
     12016-09-09  Youenn Fablet  <youenn@apple.com>
     2
     3        TextTrackLoader should use FetchOptions::mode according its crossOrigin attribute
     4        https://bugs.webkit.org/show_bug.cgi?id=161792
     5
     6        Reviewed by Eric Carlson.
     7
     8        Covered by existing and updated tests.
     9
     10        Updating text track loader to use fetch mode according crossOrigin value.
     11
     12        Removed the check done in the case the crossOrigin value is not set.
     13        Previously cross-origin loads were forbidden, now this is authorized.
     14        This change allows aligning with the spec.
     15        Also, this check could be bypassed in the case of a same-origin URL redirecting to a cross-origin one.
     16
     17        * loader/TextTrackLoader.cpp:
     18        (WebCore::TextTrackLoader::notifyFinished): Checking resource error in lieu of doing CORS checks on its own.
     19        (WebCore::TextTrackLoader::load): Using CachedResourceRequest::setAsPotentiallyCrossOrigin
     20        * loader/TextTrackLoader.h:
     21        * loader/cache/CachedResource.cpp:
     22        (WebCore::CachedResource::loadFrom): Setting loading and status values as would be done when load is finished.
     23        (WebCore::CachedResource::setBodyDataFrom): Default implementation is to copy the shared buffer.
     24        * loader/cache/CachedResource.h:
     25        * loader/cache/CachedResourceLoader.cpp:
     26        (WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Enabling resource update when mode or origin is different for TextTrack resources.
     27
    1282016-09-09  Alex Christensen  <achristensen@webkit.org>
    229
  • trunk/Source/WebCore/loader/TextTrackLoader.cpp

    r204014 r205750  
    125125    ASSERT(m_resource == resource);
    126126
    127     Document* document = downcast<Document>(m_scriptExecutionContext);
    128     if (!m_crossOriginMode.isNull() && !resource->passesSameOriginPolicyCheck(*document->securityOrigin()))
     127    if (resource->resourceError().isAccessControl())
    129128        corsPolicyPreventedLoad();
    130129
     
    142141    if (!m_cueLoadTimer.isActive())
    143142        m_cueLoadTimer.startOneShot(0);
    144    
     143
    145144    cancelLoad();
    146145}
     
    157156
    158157    CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)), options);
    159 
    160     if (!crossOriginMode.isNull()) {
    161         m_crossOriginMode = crossOriginMode;
    162         StoredCredentials allowCredentials = equalLettersIgnoringASCIICase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
    163         updateRequestForAccessControl(cueRequest.mutableResourceRequest(), *document->securityOrigin(), allowCredentials);
    164     } else {
    165         // Cross-origin resources that are not suitably CORS-enabled may not load.
    166         if (!document->securityOrigin()->canRequest(url)) {
    167             corsPolicyPreventedLoad();
    168             return false;
    169         }
    170     }
     158    cueRequest.setAsPotentiallyCrossOrigin(crossOriginMode, *document);
    171159
    172160    m_resource = document->cachedResourceLoader().requestTextTrack(cueRequest);
     
    175163
    176164    m_resource->addClient(this);
    177    
     165
    178166    return true;
    179167}
  • trunk/Source/WebCore/loader/TextTrackLoader.h

    r197563 r205750  
    8484    ScriptExecutionContext* m_scriptExecutionContext;
    8585    Timer m_cueLoadTimer;
    86     String m_crossOriginMode;
    8786    State m_state;
    8887    unsigned m_parseOffset;
  • trunk/Source/WebCore/loader/cache/CachedResource.cpp

    r205473 r205750  
    359359
    360360    setBodyDataFrom(resource);
     361    setStatus(Status::Cached);
     362    setLoading(false);
     363}
     364
     365void CachedResource::setBodyDataFrom(const CachedResource& resource)
     366{
     367    m_data = resource.m_data;
    361368}
    362369
  • trunk/Source/WebCore/loader/cache/CachedResource.h

    r205473 r205750  
    308308    virtual void checkNotify();
    309309    virtual bool mayTryReplaceEncodedData() const { return false; }
    310     virtual void setBodyDataFrom(const CachedResource&) { }
     310    virtual void setBodyDataFrom(const CachedResource&);
    311311
    312312    std::chrono::microseconds freshnessLifetime(const ResourceResponse&) const;
  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

    r205473 r205750  
    547547
    548548    // FIXME: We should progressively extend this to other reusable resources
    549     if (resource.type() != CachedResource::Type::ImageResource)
     549    if (resource.type() != CachedResource::Type::ImageResource && resource.type() != CachedResource::Type::TextTrackResource)
    550550        return false;
    551551
Note: See TracChangeset for help on using the changeset viewer.