Bug 1495359 - FeaturePolicy: encrypted-media, r=cpearce

2018-10-02 11:55:27 +02:00 · 2018-10-02 11:55:27 +02:00 · 99eef68114
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@ -36,6 +36,7 @@
 #include "BatteryManager.h"
 #include "mozilla/dom/CredentialsContainer.h"
 #include "mozilla/dom/Clipboard.h"
+#include "mozilla/dom/FeaturePolicyUtils.h"
 #include "mozilla/dom/GamepadServiceTest.h"
 #include "mozilla/dom/MediaCapabilities.h"
 #include "mozilla/dom/WakeLock.h"
@ -1721,6 +1722,14 @@ Navigator::RequestMediaKeySystemAccess(const nsAString& aKeySystem,
                                    ArrayLength(params));
  }

+  nsIDocument* doc = mWindow->GetExtantDoc();
+  if (doc &&
+      !FeaturePolicyUtils::IsFeatureAllowed(doc,
+                                            NS_LITERAL_STRING("encrypted-media"))) {
+    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+    return nullptr;
+  }
+
  RefPtr<DetailedPromise> promise =
    DetailedPromise::Create(mWindow->AsGlobal(), aRv,
      NS_LITERAL_CSTRING("navigator.requestMediaKeySystemAccess"),
--- a/dom/security/featurepolicy/FeaturePolicyUtils.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@ -29,7 +29,6 @@ static FeatureMap sSupportedFeatures[] = {
  { "autoplay", FeatureMap::eSelf },
  // TODO: not supported yet!!!
  { "camera", FeatureMap::eSelf  },
-  // TODO: not supported yet!!!
  { "encrypted-media", FeatureMap::eSelf  },
  // TODO: not supported yet!!!
  { "fullscreen", FeatureMap::eSelf  },
--- a/testing/web-platform/meta/encrypted-media/dir.ini
+++ b/testing/web-platform/meta/encrypted-media/dir.ini
@ -1 +1,2 @@
+prefs: [dom.security.featurePolicy.enabled:true]
 lsan-allowed: [Alloc, MakeUnique, Malloc, NewPage, Realloc, mozilla::EMEDecryptor::EMEDecryptor, mozilla::SchedulerGroup::CreateEventTargetFor, CreateCDMProxy, mozilla::dom::MediaKeys::CreateCDMProxy, mozilla::dom::nsIContentChild::GetConstructedEventTarget]
--- a/testing/web-platform/meta/encrypted-media/clearkey-mp4-unique-origin.https.html.ini
+++ b/testing/web-platform/meta/encrypted-media/clearkey-mp4-unique-origin.https.html.ini
@ -1,4 +0,0 @@
-[clearkey-mp4-unique-origin.https.html]
-  [Unique origin is unable to create MediaKeys]
-    expected: FAIL
-
--- a/testing/web-platform/meta/encrypted-media/encrypted-media-default-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/encrypted-media/encrypted-media-default-feature-policy.https.sub.html.ini
@ -3,9 +3,6 @@
  [Default "encrypted-media" feature policy ["self"\] allows same-origin iframes.]
    expected: TIMEOUT

-  [Default "encrypted-media" feature policy ["self"\] disallows cross-origin iframes.]
-    expected: FAIL
-
  [Feature policy "encrypted-media" can be enabled in cross-origin iframes using "allow" attribute.]
    expected: FAIL