<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[167193] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/167193">167193</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2014-04-13 02:33:30 -0700 (Sun, 13 Apr 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>[GStreamer] No CORS support for media elements
https://bugs.webkit.org/show_bug.cgi?id=99037
Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-13
Reviewed by Philippe Normand.
Source/WebCore:
Added CORS access control check to media sources when crossorigin attribute is set.
Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
Related test is http/tests/security/video-cross-origin-readback.html.
Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
Related test is http/tests/security/video-cross-origin-accessfailure.html.
Tests: http/tests/security/video-cross-origin-accessfailure.html
http/tests/security/video-cross-origin-accesssameorigin.html
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
(webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
(StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
(CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
(CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
(ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.
LayoutTests:
http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
are not played when crossorigin attribute is set.
http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams
are played when crossorigin attribute is set.
* http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
* http/tests/security/video-cross-origin-accessfailure.html: Added.
* http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
* http/tests/security/video-cross-origin-accesssameorigin.html: Added.
* platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
* platform/gtk/TestExpectations: Ditto.
* platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsplatformeflTestExpectations">trunk/LayoutTests/platform/efl/TestExpectations</a></li>
<li><a href="#trunkLayoutTestsplatformgtkTestExpectations">trunk/LayoutTests/platform/gtk/TestExpectations</a></li>
<li><a href="#trunkLayoutTestsplatformmacTestExpectations">trunk/LayoutTests/platform/mac/TestExpectations</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamercpp">trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamerh">trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamercpp">trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamerh">trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecurityvideocrossoriginaccessfailureexpectedtxt">trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityvideocrossoriginaccessfailurehtml">trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityvideocrossoriginaccesssameoriginexpectedtxt">trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityvideocrossoriginaccesssameoriginhtml">trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html</a></li>
</ul>
<h3>Property Changed</h3>
<ul>
<li><a href="#trunkLayoutTestsplatformmacTestExpectations">trunk/LayoutTests/platform/mac/TestExpectations</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/LayoutTests/ChangeLog 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2014-04-13 Youenn Fablet <youenn.fablet@crf.canon.fr>
+
+ [GStreamer] No CORS support for media elements
+ https://bugs.webkit.org/show_bug.cgi?id=99037
+
+ Reviewed by Philippe Normand.
+
+ http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
+ are not played when crossorigin attribute is set.
+ http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams
+ are played when crossorigin attribute is set.
+
+ * http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
+ * http/tests/security/video-cross-origin-accessfailure.html: Added.
+ * http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
+ * http/tests/security/video-cross-origin-accesssameorigin.html: Added.
+ * platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
+ * platform/gtk/TestExpectations: Ditto.
+ * platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.
+
</ins><span class="cx"> 2014-04-13 Darin Adler <darin@apple.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION (r166860): ASSERTION FAILED: !isCalculated() on fast/css/image-set-value-not-removed-crash.html
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityvideocrossoriginaccessfailureexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure-expected.txt (0 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure-expected.txt 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+EVENT(error)
+END OF TEST
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityvideocrossoriginaccessfailurehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure.html (0 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure.html 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+<html>
+ <!-- Trying to access a cross origin resource, but response does not contain CORS headers.
+ Video play back is expected to fail. -->
+ <body onload="start()">
+ <script src=../../media-resources/video-test.js></script>
+ <script src=../../media-resources/media-file.js></script>
+ <script>
+ waitForEvent('error', function() {
+ endTest();
+ });
+
+ waitForEvent('playing', function() {
+ failTest("Video stream access should not be granted");
+ });
+
+ function start() {
+ findMediaElement();
+ var mediaFile = findMediaFile("video", "../../media/resources/test");
+ video.src = "http://localhost:8080/" + mediaFile;
+ video.play();
+ }
+ </script>
+
+ <video crossorigin></video>
+ <canvas></canvas>
+ </body>
+</head>
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/video-cross-origin-accessfailure.html
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<a id="trunkLayoutTestshttptestssecurityvideocrossoriginaccesssameoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin-expected.txt (0 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin-expected.txt 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+EVENT(playing)
+END OF TEST
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityvideocrossoriginaccesssameoriginhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html (0 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+<html>
+ <!-- Trying to access a same origin resource, video element setting crossorigin attribute.
+ Video play back is expected to succeed. -->
+ <body onload="start()">
+ <script src=../../media-resources/video-test.js></script>
+ <script src=../../media-resources/media-file.js></script>
+ <script>
+ waitForEvent('error', function() {
+ failTest("Video stream access should succeed");
+ });
+
+ waitForEvent('playing', function() {
+ endTest();
+ });
+
+ function start() {
+ findMediaElement();
+ var mediaFile = findMediaFile("video", "../../media/resources/test");
+ video.src = mediaFile;
+ video.play();
+ }
+ </script>
+
+ <video crossorigin></video>
+ <canvas></canvas>
+ </body>
+</head>
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<a id="trunkLayoutTestsplatformeflTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/efl/TestExpectations (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/efl/TestExpectations 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/LayoutTests/platform/efl/TestExpectations 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -301,9 +301,6 @@
</span><span class="cx"> # Pre-HMTL5 parser quirks only apply to the mac port for now.
</span><span class="cx"> fast/parser/pre-html5-parser-quirks.html [ WontFix ]
</span><span class="cx">
</span><del>-# No CORS support for media elements is implemented yet.
-Bug(EFL) http/tests/security/video-cross-origin-readback.html [ Failure ]
-
</del><span class="cx"> # Perf tests are way too slow and some may fail due to timeout.
</span><span class="cx"> perf/adding-radio-buttons.html [ WontFix ]
</span><span class="cx"> perf/array-binary-search.html [ WontFix ]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformgtkTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/gtk/TestExpectations (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/gtk/TestExpectations 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -300,9 +300,6 @@
</span><span class="cx"> webkit.org/b/79203 webaudio/mediastreamaudiodestinationnode.html [ Skip ]
</span><span class="cx"> webkit.org/b/79203 webaudio/mediastreamaudiosourcenode.html [ Skip ]
</span><span class="cx">
</span><del>-# No CORS support for media elements is implemented yet.
-webkit.org/b/99037 http/tests/security/video-cross-origin-readback.html [ Failure ]
-
</del><span class="cx"> # New test infrastructure required -- need isolated worlds
</span><span class="cx"> webkit.org/b/31508 http/tests/security/isolatedWorld [ Skip ]
</span><span class="cx"> webkit.org/b/31508 plugins/npruntime/overrides-all-properties.html [ Skip ]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac/TestExpectations (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac/TestExpectations 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -503,6 +503,7 @@
</span><span class="cx">
</span><span class="cx"> # No CORS support for media elements is implemented yet.
</span><span class="cx"> http/tests/security/video-cross-origin-readback.html
</span><ins>+http/tests/security/video-cross-origin-accessfailure.html
</ins><span class="cx">
</span><span class="cx"> # media/audio-repaint.html sometimes fails on Lion Debug (Tests)
</span><span class="cx"> webkit.org/b/84357 media/audio-repaint.html [ Failure ]
</span><span class="cx">Property changes on: trunk/LayoutTests/platform/mac/TestExpectations
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/Source/WebCore/ChangeLog 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -1,3 +1,33 @@
</span><ins>+2014-04-13 Youenn Fablet <youenn.fablet@crf.canon.fr>
+
+ [GStreamer] No CORS support for media elements
+ https://bugs.webkit.org/show_bug.cgi?id=99037
+
+ Reviewed by Philippe Normand.
+
+ Added CORS access control check to media sources when crossorigin attribute is set.
+
+ Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
+ Related test is http/tests/security/video-cross-origin-readback.html.
+
+ Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
+ Related test is http/tests/security/video-cross-origin-accessfailure.html.
+
+ Tests: http/tests/security/video-cross-origin-accessfailure.html
+ http/tests/security/video-cross-origin-accesssameorigin.html
+
+ * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+ (WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
+ * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
+ * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+ (webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
+ (webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
+ (StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
+ (CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
+ (CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
+ (ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
+ * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.
+
</ins><span class="cx"> 2014-04-12 Darin Adler <darin@apple.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION (r166860): ASSERTION FAILED: !isCalculated() on fast/css/image-set-value-not-removed-crash.html
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -1891,6 +1891,13 @@
</span><span class="cx"> gst_element_post_message(m_playBin.get(), message);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool MediaPlayerPrivateGStreamer::didPassCORSAccessCheck() const
+{
+ if (WEBKIT_IS_WEB_SRC(m_source.get()))
+ return webKitSrcPassedCORSAccessCheck(WEBKIT_WEB_SRC(m_source.get()));
+ return false;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+}
+
</ins><span class="cx"> #endif // USE(GSTREAMER)
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -159,6 +159,7 @@
</span><span class="cx">
</span><span class="cx"> virtual String engineDescription() const { return "GStreamer"; }
</span><span class="cx"> virtual bool isLiveStream() const { return m_isStreaming; }
</span><ins>+ virtual bool didPassCORSAccessCheck() const;
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> GRefPtr<GstElement> m_playBin;
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #include "CachedResourceHandle.h"
</span><span class="cx"> #include "CachedResourceLoader.h"
</span><span class="cx"> #include "CachedResourceRequest.h"
</span><ins>+#include "CrossOriginAccessControl.h"
</ins><span class="cx"> #include "GRefPtrGStreamer.h"
</span><span class="cx"> #include "GStreamerUtilities.h"
</span><span class="cx"> #include "MediaPlayer.h"
</span><span class="lines">@@ -35,6 +36,7 @@
</span><span class="cx"> #include "ResourceHandleClient.h"
</span><span class="cx"> #include "ResourceRequest.h"
</span><span class="cx"> #include "ResourceResponse.h"
</span><ins>+#include "SecurityOrigin.h"
</ins><span class="cx"> #include "SharedBuffer.h"
</span><span class="cx"> #include <gst/app/gstappsrc.h>
</span><span class="cx"> #include <gst/gst.h>
</span><span class="lines">@@ -48,6 +50,12 @@
</span><span class="cx">
</span><span class="cx"> using namespace WebCore;
</span><span class="cx">
</span><ins>+enum CORSAccessCheckResult {
+ CORSNoCheck,
+ CORSSuccess,
+ CORSFailure
+};
+
</ins><span class="cx"> class StreamingClient {
</span><span class="cx"> public:
</span><span class="cx"> StreamingClient(WebKitWebSrc*);
</span><span class="lines">@@ -58,7 +66,7 @@
</span><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> char* createReadBuffer(size_t requestedSize, size_t& actualSize);
</span><del>- void handleResponseReceived(const ResourceResponse&);
</del><ins>+ void handleResponseReceived(const ResourceResponse&, CORSAccessCheckResult);
</ins><span class="cx"> void handleDataReceived(const char*, int);
</span><span class="cx"> void handleNotifyFinished();
</span><span class="cx">
</span><span class="lines">@@ -68,7 +76,7 @@
</span><span class="cx"> class CachedResourceStreamingClient : public CachedRawResourceClient, public StreamingClient {
</span><span class="cx"> WTF_MAKE_NONCOPYABLE(CachedResourceStreamingClient); WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx"> public:
</span><del>- CachedResourceStreamingClient(WebKitWebSrc*, CachedResourceLoader*, const ResourceRequest&);
</del><ins>+ CachedResourceStreamingClient(WebKitWebSrc*, CachedResourceLoader*, const ResourceRequest&, MediaPlayerClient::CORSMode);
</ins><span class="cx"> virtual ~CachedResourceStreamingClient();
</span><span class="cx">
</span><span class="cx"> // StreamingClient virtual methods.
</span><span class="lines">@@ -83,6 +91,7 @@
</span><span class="cx"> virtual void notifyFinished(CachedResource*);
</span><span class="cx">
</span><span class="cx"> CachedResourceHandle<CachedRawResource> m_resource;
</span><ins>+ RefPtr<SecurityOrigin> m_origin;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> class ResourceHandleStreamingClient : public ResourceHandleClient, public StreamingClient {
</span><span class="lines">@@ -120,6 +129,8 @@
</span><span class="cx">
</span><span class="cx"> StreamingClient* client;
</span><span class="cx">
</span><ins>+ CORSAccessCheckResult corsAccessCheck;
+
</ins><span class="cx"> guint64 offset;
</span><span class="cx"> guint64 size;
</span><span class="cx"> gboolean seekable;
</span><span class="lines">@@ -437,6 +448,8 @@
</span><span class="cx">
</span><span class="cx"> GMutexLocker locker(GST_OBJECT_GET_LOCK(src));
</span><span class="cx">
</span><ins>+ priv->corsAccessCheck = CORSNoCheck;
+
</ins><span class="cx"> if (!priv->uri) {
</span><span class="cx"> GST_ERROR_OBJECT(src, "No URI provided");
</span><span class="cx"> locker.unlock();
</span><span class="lines">@@ -483,7 +496,7 @@
</span><span class="cx">
</span><span class="cx"> if (priv->player) {
</span><span class="cx"> if (CachedResourceLoader* loader = priv->player->cachedResourceLoader())
</span><del>- priv->client = new CachedResourceStreamingClient(src, loader, request);
</del><ins>+ priv->client = new CachedResourceStreamingClient(src, loader, request, priv->player->mediaPlayerClient()->mediaPlayerCORSMode());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (!priv->client)
</span><span class="lines">@@ -753,6 +766,11 @@
</span><span class="cx"> src->priv->player = player;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool webKitSrcPassedCORSAccessCheck(WebKitWebSrc* src)
+{
+ return src->priv->corsAccessCheck == CORSSuccess;
+}
+
</ins><span class="cx"> StreamingClient::StreamingClient(WebKitWebSrc* src)
</span><span class="cx"> : m_src(adoptGRef(static_cast<GstElement*>(gst_object_ref(src))))
</span><span class="cx"> {
</span><span class="lines">@@ -781,16 +799,19 @@
</span><span class="cx"> return getGstBufferDataPointer(buffer);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void StreamingClient::handleResponseReceived(const ResourceResponse& response)
</del><ins>+void StreamingClient::handleResponseReceived(const ResourceResponse& response, CORSAccessCheckResult corsAccessCheck)
</ins><span class="cx"> {
</span><span class="cx"> WebKitWebSrc* src = WEBKIT_WEB_SRC(m_src.get());
</span><span class="cx"> WebKitWebSrcPrivate* priv = src->priv;
</span><span class="cx">
</span><span class="cx"> GST_DEBUG_OBJECT(src, "Received response: %d", response.httpStatusCode());
</span><span class="cx">
</span><del>- if (response.httpStatusCode() >= 400) {
- // Received error code
- GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (0));
</del><ins>+ if (response.httpStatusCode() >= 400 || corsAccessCheck == CORSFailure) {
+ // Received error code or CORS check failed
+ if (corsAccessCheck == CORSFailure)
+ GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Cross-origin stream load denied by Cross-Origin Resource Sharing policy."), (nullptr));
+ else
+ GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (nullptr));
</ins><span class="cx"> gst_app_src_end_of_stream(priv->appsrc);
</span><span class="cx"> webKitWebSrcStop(src);
</span><span class="cx"> return;
</span><span class="lines">@@ -798,6 +819,8 @@
</span><span class="cx">
</span><span class="cx"> GMutexLocker locker(GST_OBJECT_GET_LOCK(src));
</span><span class="cx">
</span><ins>+ priv->corsAccessCheck = corsAccessCheck;
+
</ins><span class="cx"> if (priv->seekSource.isActive()) {
</span><span class="cx"> GST_DEBUG_OBJECT(src, "Seek in progress, ignoring response");
</span><span class="cx"> return;
</span><span class="lines">@@ -811,7 +834,7 @@
</span><span class="cx"> } else if (response.httpStatusCode() != 206) {
</span><span class="cx"> // Range request completely failed.
</span><span class="cx"> locker.unlock();
</span><del>- GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received unexpected %d HTTP status code", response.httpStatusCode()), (0));
</del><ins>+ GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received unexpected %d HTTP status code", response.httpStatusCode()), (nullptr));
</ins><span class="cx"> gst_app_src_end_of_stream(priv->appsrc);
</span><span class="cx"> webKitWebSrcStop(src);
</span><span class="cx"> return;
</span><span class="lines">@@ -969,11 +992,22 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>-CachedResourceStreamingClient::CachedResourceStreamingClient(WebKitWebSrc* src, CachedResourceLoader* resourceLoader, const ResourceRequest& request)
</del><ins>+CachedResourceStreamingClient::CachedResourceStreamingClient(WebKitWebSrc* src, CachedResourceLoader* resourceLoader, const ResourceRequest& request, MediaPlayerClient::CORSMode corsMode)
</ins><span class="cx"> : StreamingClient(src)
</span><span class="cx"> {
</span><span class="cx"> DataBufferingPolicy bufferingPolicy = request.url().protocolIs("blob") ? BufferData : DoNotBufferData;
</span><del>- CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType));
</del><ins>+ RequestOriginPolicy corsPolicy = corsMode != MediaPlayerClient::Unspecified ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType;
+ StoredCredentials allowCredentials = corsMode == MediaPlayerClient::UseCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials;
+ ResourceLoaderOptions options(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy);
+
+ CachedResourceRequest cacheRequest(request, options);
+
+ if (corsMode != MediaPlayerClient::Unspecified) {
+ m_origin = resourceLoader->document() ? resourceLoader->document()->securityOrigin() : nullptr;
+ updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), m_origin.get(), allowCredentials);
+ }
+
+ // TODO: Decide whether to use preflight mode for cross-origin requests (see http://wkbug.com/131484).
</ins><span class="cx"> m_resource = resourceLoader->requestRawResource(cacheRequest);
</span><span class="cx"> if (m_resource)
</span><span class="cx"> m_resource->addClient(this);
</span><span class="lines">@@ -1003,9 +1037,12 @@
</span><span class="cx"> return createReadBuffer(requestedSize, actualSize);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CachedResourceStreamingClient::responseReceived(CachedResource*, const ResourceResponse& response)
</del><ins>+void CachedResourceStreamingClient::responseReceived(CachedResource* resource, const ResourceResponse& response)
</ins><span class="cx"> {
</span><del>- handleResponseReceived(response);
</del><ins>+ CORSAccessCheckResult corsAccessCheck = CORSNoCheck;
+ if (m_origin)
+ corsAccessCheck = (m_origin->canRequest(response.url()) || resource->passesAccessControlCheck(m_origin.get())) ? CORSSuccess : CORSFailure;
+ handleResponseReceived(response, corsAccessCheck);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void CachedResourceStreamingClient::dataReceived(CachedResource*, const char* data, int length)
</span><span class="lines">@@ -1067,7 +1104,7 @@
</span><span class="cx">
</span><span class="cx"> void ResourceHandleStreamingClient::didReceiveResponse(ResourceHandle*, const ResourceResponse& response)
</span><span class="cx"> {
</span><del>- handleResponseReceived(response);
</del><ins>+ handleResponseReceived(response, CORSNoCheck);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ResourceHandleStreamingClient::didReceiveData(ResourceHandle*, const char* /* data */, unsigned /* length */, int)
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h (167192 => 167193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h 2014-04-13 08:05:57 UTC (rev 167192)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h 2014-04-13 09:33:30 UTC (rev 167193)
</span><span class="lines">@@ -47,6 +47,7 @@
</span><span class="cx">
</span><span class="cx"> GType webkit_web_src_get_type(void);
</span><span class="cx"> void webKitWebSrcSetMediaPlayer(WebKitWebSrc*, WebCore::MediaPlayer*);
</span><ins>+bool webKitSrcPassedCORSAccessCheck(WebKitWebSrc*);
</ins><span class="cx">
</span><span class="cx"> G_END_DECLS
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>