Bug 1443942 - Block mid-flight redirects to cross origin destinations during media loads. r=jya

There's no compelling use case for mid-flight redirects, and Chrome
already blocks it, so there's little point in maintaining it.

Add a hidden pref to toggle blocking, so we can toggle it off during
testing to ensure that we're blocking a working mid-flight redirect.

MozReview-Commit-ID: EnGNmYFr8Uv

--HG--
extra : rebase_source : cdc122a11a648f2451d2983df42597d8274ac9fb
This commit is contained in:
Chris Pearce 2018-03-06 09:55:03 +13:00
Родитель 51e2dbf071
Коммит 31d1174127
4 изменённых файлов: 6 добавлений и 15 удалений

Просмотреть файл

@ -166,10 +166,9 @@ ChannelMediaDecoder::NotifyPrincipalChanged()
mInitialChannelPrincipalKnown = true;
return;
}
if (!mSameOriginMedia &&
DecoderTraits::CrossOriginRedirectsProhibited(ContainerType())) {
// For some content types we block mid-flight channel redirects to cross
// origin destinations due to security constraints. See bug 1441153.
if (!mSameOriginMedia && MediaPrefs::BlockMidflightRedirects()) {
// Block mid-flight redirects to non CORS same origin destinations.
// See bugs 1441153, 1443942.
LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked.");
NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI,
"Prohibited cross origin redirect blocked"));

Просмотреть файл

@ -325,11 +325,4 @@ bool DecoderTraits::IsSupportedInVideoDocument(const nsACString& aType)
false;
}
/* static */
bool
DecoderTraits::CrossOriginRedirectsProhibited(const MediaContainerType& aType)
{
return WaveDecoder::IsSupportedType(aType);
}
} // namespace mozilla

Просмотреть файл

@ -57,10 +57,6 @@ public:
static bool IsMatroskaType(const MediaContainerType& aType);
static bool IsSupportedType(const MediaContainerType& aType);
// For some content types we block channel redirects to cross origin
// destinations due to security constraints. See bug 1441153.
static bool CrossOriginRedirectsProhibited(const MediaContainerType& aType);
};
} // namespace mozilla

Просмотреть файл

@ -205,6 +205,9 @@ private:
// Media Seamless Looping
DECL_MEDIA_PREF("media.seamless-looping", SeamlessLooping, bool, true);
DECL_MEDIA_PREF("media.block-midflight-redirects", BlockMidflightRedirects, bool, true);
public:
// Manage the singleton:
static MediaPrefs& GetSingleton();