Bug 1443942 - Block mid-flight redirects to cross origin destinations during media loads. r=jya

There's no compelling use case for mid-flight redirects, and Chrome already blocks it, so there's little point in maintaining it. Add a hidden pref to toggle blocking, so we can toggle it off during testing to ensure that we're blocking a working mid-flight redirect. MozReview-Commit-ID: EnGNmYFr8Uv --HG-- extra : rebase_source : 3ed71273da24f8f0c8bc24ceede49afa7775650d
2018-03-06 09:55:03 +13:00 · 2018-03-06 09:55:03 +13:00 · 0ebc1bfba0
--- a/dom/media/ChannelMediaDecoder.cpp
+++ b/dom/media/ChannelMediaDecoder.cpp
@ -167,9 +167,9 @@ ChannelMediaDecoder::NotifyPrincipalChanged()
    return;
  }
  if (!mSameOriginMedia &&
-      DecoderTraits::CrossOriginRedirectsProhibited(ContainerType())) {
-    // For some content types we block mid-flight channel redirects to cross
-    // origin destinations due to security constraints. See bug 1441153.
+      Preferences::GetBool("media.block-midflight-redirects", true)) {
+    // Block mid-flight redirects to non CORS same origin destinations.
+    // See bugs 1441153, 1443942.
    LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked.");
    NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI,
                             "Prohibited cross origin redirect blocked"));
--- a/dom/media/DecoderTraits.cpp
+++ b/dom/media/DecoderTraits.cpp
@ -325,11 +325,4 @@ bool DecoderTraits::IsSupportedInVideoDocument(const nsACString& aType)
    false;
 }

-/* static */
-bool
-DecoderTraits::CrossOriginRedirectsProhibited(const MediaContainerType& aType)
-{
-  return WaveDecoder::IsSupportedType(aType);
-}
-
 } // namespace mozilla
--- a/dom/media/DecoderTraits.h
+++ b/dom/media/DecoderTraits.h
@ -57,10 +57,6 @@ public:
  static bool IsMatroskaType(const MediaContainerType& aType);

  static bool IsSupportedType(const MediaContainerType& aType);
-
-  // For some content types we block channel redirects to cross origin
-  // destinations due to security constraints. See bug 1441153.
-  static bool CrossOriginRedirectsProhibited(const MediaContainerType& aType);
 };

 } // namespace mozilla
--- a/dom/media/MediaPrefs.h
+++ b/dom/media/MediaPrefs.h
@ -205,6 +205,7 @@ private:

  // Media Seamless Looping
  DECL_MEDIA_PREF("media.seamless-looping",                   SeamlessLooping, bool, true);
+
 public:
  // Manage the singleton:
  static MediaPrefs& GetSingleton();