зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1443942 - Block mid-flight redirects to cross origin destinations during media loads. r=jya
There's no compelling use case for mid-flight redirects, and Chrome already blocks it, so there's little point in maintaining it. Add a hidden pref to toggle blocking, so we can toggle it off during testing to ensure that we're blocking a working mid-flight redirect. MozReview-Commit-ID: EnGNmYFr8Uv --HG-- extra : rebase_source : cdc122a11a648f2451d2983df42597d8274ac9fb
This commit is contained in:
Родитель
51e2dbf071
Коммит
31d1174127
|
@ -166,10 +166,9 @@ ChannelMediaDecoder::NotifyPrincipalChanged()
|
|||
mInitialChannelPrincipalKnown = true;
|
||||
return;
|
||||
}
|
||||
if (!mSameOriginMedia &&
|
||||
DecoderTraits::CrossOriginRedirectsProhibited(ContainerType())) {
|
||||
// For some content types we block mid-flight channel redirects to cross
|
||||
// origin destinations due to security constraints. See bug 1441153.
|
||||
if (!mSameOriginMedia && MediaPrefs::BlockMidflightRedirects()) {
|
||||
// Block mid-flight redirects to non CORS same origin destinations.
|
||||
// See bugs 1441153, 1443942.
|
||||
LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked.");
|
||||
NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI,
|
||||
"Prohibited cross origin redirect blocked"));
|
||||
|
|
|
@ -325,11 +325,4 @@ bool DecoderTraits::IsSupportedInVideoDocument(const nsACString& aType)
|
|||
false;
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool
|
||||
DecoderTraits::CrossOriginRedirectsProhibited(const MediaContainerType& aType)
|
||||
{
|
||||
return WaveDecoder::IsSupportedType(aType);
|
||||
}
|
||||
|
||||
} // namespace mozilla
|
||||
|
|
|
@ -57,10 +57,6 @@ public:
|
|||
static bool IsMatroskaType(const MediaContainerType& aType);
|
||||
|
||||
static bool IsSupportedType(const MediaContainerType& aType);
|
||||
|
||||
// For some content types we block channel redirects to cross origin
|
||||
// destinations due to security constraints. See bug 1441153.
|
||||
static bool CrossOriginRedirectsProhibited(const MediaContainerType& aType);
|
||||
};
|
||||
|
||||
} // namespace mozilla
|
||||
|
|
|
@ -205,6 +205,9 @@ private:
|
|||
|
||||
// Media Seamless Looping
|
||||
DECL_MEDIA_PREF("media.seamless-looping", SeamlessLooping, bool, true);
|
||||
|
||||
DECL_MEDIA_PREF("media.block-midflight-redirects", BlockMidflightRedirects, bool, true);
|
||||
|
||||
public:
|
||||
// Manage the singleton:
|
||||
static MediaPrefs& GetSingleton();
|
||||
|
|
Загрузка…
Ссылка в новой задаче