From 31d1174127a4e63cf4c62aabafe93c435491b80f Mon Sep 17 00:00:00 2001 From: Chris Pearce Date: Tue, 6 Mar 2018 09:55:03 +1300 Subject: [PATCH] Bug 1443942 - Block mid-flight redirects to cross origin destinations during media loads. r=jya There's no compelling use case for mid-flight redirects, and Chrome already blocks it, so there's little point in maintaining it. Add a hidden pref to toggle blocking, so we can toggle it off during testing to ensure that we're blocking a working mid-flight redirect. MozReview-Commit-ID: EnGNmYFr8Uv --HG-- extra : rebase_source : cdc122a11a648f2451d2983df42597d8274ac9fb --- dom/media/ChannelMediaDecoder.cpp | 7 +++---- dom/media/DecoderTraits.cpp | 7 ------- dom/media/DecoderTraits.h | 4 ---- dom/media/MediaPrefs.h | 3 +++ 4 files changed, 6 insertions(+), 15 deletions(-) diff --git a/dom/media/ChannelMediaDecoder.cpp b/dom/media/ChannelMediaDecoder.cpp index 7a0c46374d45..2e9cc1bffc49 100644 --- a/dom/media/ChannelMediaDecoder.cpp +++ b/dom/media/ChannelMediaDecoder.cpp @@ -166,10 +166,9 @@ ChannelMediaDecoder::NotifyPrincipalChanged() mInitialChannelPrincipalKnown = true; return; } - if (!mSameOriginMedia && - DecoderTraits::CrossOriginRedirectsProhibited(ContainerType())) { - // For some content types we block mid-flight channel redirects to cross - // origin destinations due to security constraints. See bug 1441153. + if (!mSameOriginMedia && MediaPrefs::BlockMidflightRedirects()) { + // Block mid-flight redirects to non CORS same origin destinations. + // See bugs 1441153, 1443942. LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked."); NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI, "Prohibited cross origin redirect blocked")); diff --git a/dom/media/DecoderTraits.cpp b/dom/media/DecoderTraits.cpp index 7a510b49281f..3369447e189e 100644 --- a/dom/media/DecoderTraits.cpp +++ b/dom/media/DecoderTraits.cpp @@ -325,11 +325,4 @@ bool DecoderTraits::IsSupportedInVideoDocument(const nsACString& aType) false; } -/* static */ -bool -DecoderTraits::CrossOriginRedirectsProhibited(const MediaContainerType& aType) -{ - return WaveDecoder::IsSupportedType(aType); -} - } // namespace mozilla diff --git a/dom/media/DecoderTraits.h b/dom/media/DecoderTraits.h index 4a3081a62f83..72e65d51ff19 100644 --- a/dom/media/DecoderTraits.h +++ b/dom/media/DecoderTraits.h @@ -57,10 +57,6 @@ public: static bool IsMatroskaType(const MediaContainerType& aType); static bool IsSupportedType(const MediaContainerType& aType); - - // For some content types we block channel redirects to cross origin - // destinations due to security constraints. See bug 1441153. - static bool CrossOriginRedirectsProhibited(const MediaContainerType& aType); }; } // namespace mozilla diff --git a/dom/media/MediaPrefs.h b/dom/media/MediaPrefs.h index 8bd06a774ab9..94787f8704c3 100644 --- a/dom/media/MediaPrefs.h +++ b/dom/media/MediaPrefs.h @@ -205,6 +205,9 @@ private: // Media Seamless Looping DECL_MEDIA_PREF("media.seamless-looping", SeamlessLooping, bool, true); + + DECL_MEDIA_PREF("media.block-midflight-redirects", BlockMidflightRedirects, bool, true); + public: // Manage the singleton: static MediaPrefs& GetSingleton();