From 0ebc1bfba08fc225298b9d3ee92a3adb2411aa98 Mon Sep 17 00:00:00 2001 From: Chris Pearce Date: Tue, 6 Mar 2018 09:55:03 +1300 Subject: [PATCH] Bug 1443942 - Block mid-flight redirects to cross origin destinations during media loads. r=jya There's no compelling use case for mid-flight redirects, and Chrome already blocks it, so there's little point in maintaining it. Add a hidden pref to toggle blocking, so we can toggle it off during testing to ensure that we're blocking a working mid-flight redirect. MozReview-Commit-ID: EnGNmYFr8Uv --HG-- extra : rebase_source : 3ed71273da24f8f0c8bc24ceede49afa7775650d --- dom/media/ChannelMediaDecoder.cpp | 6 +++--- dom/media/DecoderTraits.cpp | 7 ------- dom/media/DecoderTraits.h | 4 ---- dom/media/MediaPrefs.h | 1 + 4 files changed, 4 insertions(+), 14 deletions(-) diff --git a/dom/media/ChannelMediaDecoder.cpp b/dom/media/ChannelMediaDecoder.cpp index 7a0c46374d45..4b7fc9025488 100644 --- a/dom/media/ChannelMediaDecoder.cpp +++ b/dom/media/ChannelMediaDecoder.cpp @@ -167,9 +167,9 @@ ChannelMediaDecoder::NotifyPrincipalChanged() return; } if (!mSameOriginMedia && - DecoderTraits::CrossOriginRedirectsProhibited(ContainerType())) { - // For some content types we block mid-flight channel redirects to cross - // origin destinations due to security constraints. See bug 1441153. + Preferences::GetBool("media.block-midflight-redirects", true)) { + // Block mid-flight redirects to non CORS same origin destinations. + // See bugs 1441153, 1443942. LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked."); NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI, "Prohibited cross origin redirect blocked")); diff --git a/dom/media/DecoderTraits.cpp b/dom/media/DecoderTraits.cpp index 7a510b49281f..3369447e189e 100644 --- a/dom/media/DecoderTraits.cpp +++ b/dom/media/DecoderTraits.cpp @@ -325,11 +325,4 @@ bool DecoderTraits::IsSupportedInVideoDocument(const nsACString& aType) false; } -/* static */ -bool -DecoderTraits::CrossOriginRedirectsProhibited(const MediaContainerType& aType) -{ - return WaveDecoder::IsSupportedType(aType); -} - } // namespace mozilla diff --git a/dom/media/DecoderTraits.h b/dom/media/DecoderTraits.h index 4a3081a62f83..72e65d51ff19 100644 --- a/dom/media/DecoderTraits.h +++ b/dom/media/DecoderTraits.h @@ -57,10 +57,6 @@ public: static bool IsMatroskaType(const MediaContainerType& aType); static bool IsSupportedType(const MediaContainerType& aType); - - // For some content types we block channel redirects to cross origin - // destinations due to security constraints. See bug 1441153. - static bool CrossOriginRedirectsProhibited(const MediaContainerType& aType); }; } // namespace mozilla diff --git a/dom/media/MediaPrefs.h b/dom/media/MediaPrefs.h index 8bd06a774ab9..68953042f70c 100644 --- a/dom/media/MediaPrefs.h +++ b/dom/media/MediaPrefs.h @@ -205,6 +205,7 @@ private: // Media Seamless Looping DECL_MEDIA_PREF("media.seamless-looping", SeamlessLooping, bool, true); + public: // Manage the singleton: static MediaPrefs& GetSingleton();