mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 17:25:36 +00:00
Bug 1443942 - Block mid-flight redirects to cross origin destinations during media loads. r=jya
There's no compelling use case for mid-flight redirects, and Chrome already blocks it, so there's little point in maintaining it. Add a hidden pref to toggle blocking, so we can toggle it off during testing to ensure that we're blocking a working mid-flight redirect. MozReview-Commit-ID: EnGNmYFr8Uv --HG-- extra : rebase_source : cdc122a11a648f2451d2983df42597d8274ac9fb
This commit is contained in:
parent
51e2dbf071
commit
31d1174127
@ -166,10 +166,9 @@ ChannelMediaDecoder::NotifyPrincipalChanged()
|
|||||||
mInitialChannelPrincipalKnown = true;
|
mInitialChannelPrincipalKnown = true;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (!mSameOriginMedia &&
|
if (!mSameOriginMedia && MediaPrefs::BlockMidflightRedirects()) {
|
||||||
DecoderTraits::CrossOriginRedirectsProhibited(ContainerType())) {
|
// Block mid-flight redirects to non CORS same origin destinations.
|
||||||
// For some content types we block mid-flight channel redirects to cross
|
// See bugs 1441153, 1443942.
|
||||||
// origin destinations due to security constraints. See bug 1441153.
|
|
||||||
LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked.");
|
LOG("ChannnelMediaDecoder prohibited cross origin redirect blocked.");
|
||||||
NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI,
|
NetworkError(MediaResult(NS_ERROR_DOM_BAD_URI,
|
||||||
"Prohibited cross origin redirect blocked"));
|
"Prohibited cross origin redirect blocked"));
|
||||||
|
@ -325,11 +325,4 @@ bool DecoderTraits::IsSupportedInVideoDocument(const nsACString& aType)
|
|||||||
false;
|
false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* static */
|
|
||||||
bool
|
|
||||||
DecoderTraits::CrossOriginRedirectsProhibited(const MediaContainerType& aType)
|
|
||||||
{
|
|
||||||
return WaveDecoder::IsSupportedType(aType);
|
|
||||||
}
|
|
||||||
|
|
||||||
} // namespace mozilla
|
} // namespace mozilla
|
||||||
|
@ -57,10 +57,6 @@ public:
|
|||||||
static bool IsMatroskaType(const MediaContainerType& aType);
|
static bool IsMatroskaType(const MediaContainerType& aType);
|
||||||
|
|
||||||
static bool IsSupportedType(const MediaContainerType& aType);
|
static bool IsSupportedType(const MediaContainerType& aType);
|
||||||
|
|
||||||
// For some content types we block channel redirects to cross origin
|
|
||||||
// destinations due to security constraints. See bug 1441153.
|
|
||||||
static bool CrossOriginRedirectsProhibited(const MediaContainerType& aType);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace mozilla
|
} // namespace mozilla
|
||||||
|
@ -205,6 +205,9 @@ private:
|
|||||||
|
|
||||||
// Media Seamless Looping
|
// Media Seamless Looping
|
||||||
DECL_MEDIA_PREF("media.seamless-looping", SeamlessLooping, bool, true);
|
DECL_MEDIA_PREF("media.seamless-looping", SeamlessLooping, bool, true);
|
||||||
|
|
||||||
|
DECL_MEDIA_PREF("media.block-midflight-redirects", BlockMidflightRedirects, bool, true);
|
||||||
|
|
||||||
public:
|
public:
|
||||||
// Manage the singleton:
|
// Manage the singleton:
|
||||||
static MediaPrefs& GetSingleton();
|
static MediaPrefs& GetSingleton();
|
||||||
|
Loading…
Reference in New Issue
Block a user