<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[208249] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208249">208249</a></dd>
<dt>Author</dt> <dd>eric.carlson@apple.com</dd>
<dt>Date</dt> <dd>2016-11-01 15:00:23 -0700 (Tue, 01 Nov 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>[MediaStream] restrict media capture secure connections
https://bugs.webkit.org/show_bug.cgi?id=164234
<rdar://problem/28944906>
Reviewed by Alex Christensen.
Source/WebCore:
Tests: http/tests/ssl/media-stream/get-user-media-different-host.html
http/tests/ssl/media-stream/get-user-media-nested.html
http/tests/ssl/media-stream/get-user-media-secure-connection.html
* Modules/mediastream/UserMediaRequest.cpp:
(WebCore::isSecure): New.
(WebCore::canCallGetUserMedia): New.
(WebCore::UserMediaRequest::start): When the setting says the require secure a secure connection,
fail immediately if the page or one of its ancestors is not secure.
* page/Settings.cpp:
(WebCore::Settings::mediaCaptureRequiresSecureConnection): New.
(WebCore::Settings::setMediaCaptureRequiresSecureConnection): New.
* page/Settings.h:
* testing/InternalSettings.cpp:
(WebCore::InternalSettings::InternalSettings): Do not require a secure connection for media
capture during tests.
(WebCore::InternalSettings::resetToConsistentState):
(WebCore::InternalSettings::setMediaCaptureRequiresSecureConnection):
* testing/InternalSettings.h:
* testing/InternalSettings.idl:
* testing/Internals.cpp:
(WebCore::Internals::Internals):
Source/WebKit/mac:
* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]): Initialize WebKitMediaCaptureRequiresSecureConnectionPreferenceKey.
(-[WebPreferences mediaCaptureRequiresSecureConnection]): New.
(-[WebPreferences setMediaCaptureRequiresSecureConnection:]): New.
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Sync mediaCaptureRequiresSecureConnection.
Source/WebKit2:
* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetMediaCaptureRequiresSecureConnection):
(WKPreferencesGetMediaCaptureRequiresSecureConnection):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
(WebKit::UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame): Drive by
fix: remove some unused parameters in a lambda call.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):
LayoutTests:
* http/tests/ssl/media-stream: Added.
* http/tests/ssl/media-stream/get-user-media-different-host-expected.txt: Added.
* http/tests/ssl/media-stream/get-user-media-different-host.html: Added.
* http/tests/ssl/media-stream/get-user-media-nested-expected.txt: Added.
* http/tests/ssl/media-stream/get-user-media-nested.html: Added.
* http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt: Added.
* http/tests/ssl/media-stream/get-user-media-secure-connection.html: Added.
* http/tests/ssl/media-stream/resources: Added.
* http/tests/ssl/media-stream/resources/get-user-media-frame.html: Added.
* http/tests/ssl/media-stream/resources/get-user-media.js: Added.
(else.createURL):
(createURL):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk1TestExpectations">trunk/LayoutTests/platform/mac-wk1/TestExpectations</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreModulesmediastreamUserMediaRequestcpp">trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSettingscpp">trunk/Source/WebCore/page/Settings.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSettingsh">trunk/Source/WebCore/page/Settings.h</a></li>
<li><a href="#trunkSourceWebCoretestingInternalSettingscpp">trunk/Source/WebCore/testing/InternalSettings.cpp</a></li>
<li><a href="#trunkSourceWebCoretestingInternalSettingsh">trunk/Source/WebCore/testing/InternalSettings.h</a></li>
<li><a href="#trunkSourceWebCoretestingInternalSettingsidl">trunk/Source/WebCore/testing/InternalSettings.idl</a></li>
<li><a href="#trunkSourceWebCoretestingInternalscpp">trunk/Source/WebCore/testing/Internals.cpp</a></li>
<li><a href="#trunkSourceWebKitmacChangeLog">trunk/Source/WebKit/mac/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitmacWebViewWebPreferenceKeysPrivateh">trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h</a></li>
<li><a href="#trunkSourceWebKitmacWebViewWebPreferencesmm">trunk/Source/WebKit/mac/WebView/WebPreferences.mm</a></li>
<li><a href="#trunkSourceWebKitmacWebViewWebPreferencesPrivateh">trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h</a></li>
<li><a href="#trunkSourceWebKitmacWebViewWebViewmm">trunk/Source/WebKit/mac/WebView/WebView.mm</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2SharedWebPreferencesDefinitionsh">trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPICWKPreferencescpp">trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPICWKPreferencesRefPrivateh">trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h</a></li>
<li><a href="#trunkSourceWebKit2UIProcessUserMediaPermissionRequestManagerProxycpp">trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp</a></li>
<li><a href="#trunkSourceWebKit2WebProcessWebPageWebPagecpp">trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>trunk/LayoutTests/http/tests/ssl/media-stream/</li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamgetusermediadifferenthostexpectedtxt">trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamgetusermediadifferenthosthtml">trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html</a></li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamgetusermedianestedexpectedtxt">trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamgetusermedianestedhtml">trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html</a></li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamgetusermediasecureconnectionexpectedtxt">trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamgetusermediasecureconnectionhtml">trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html</a></li>
<li>trunk/LayoutTests/http/tests/ssl/media-stream/resources/</li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamresourcesgetusermediaframehtml">trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html</a></li>
<li><a href="#trunkLayoutTestshttptestssslmediastreamresourcesgetusermediajs">trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/LayoutTests/ChangeLog        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -1,3 +1,24 @@
</span><ins>+2016-11-01 Eric Carlson <eric.carlson@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ * http/tests/ssl/media-stream: Added.
+ * http/tests/ssl/media-stream/get-user-media-different-host-expected.txt: Added.
+ * http/tests/ssl/media-stream/get-user-media-different-host.html: Added.
+ * http/tests/ssl/media-stream/get-user-media-nested-expected.txt: Added.
+ * http/tests/ssl/media-stream/get-user-media-nested.html: Added.
+ * http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt: Added.
+ * http/tests/ssl/media-stream/get-user-media-secure-connection.html: Added.
+ * http/tests/ssl/media-stream/resources: Added.
+ * http/tests/ssl/media-stream/resources/get-user-media-frame.html: Added.
+ * http/tests/ssl/media-stream/resources/get-user-media.js: Added.
+ (else.createURL):
+ (createURL):
+
</ins><span class="cx"> 2016-11-01 Devin Rousso <dcrousso+webkit@gmail.com>
</span><span class="cx">
</span><span class="cx"> Web Inspector: Replace sublists inside DOM-related model objects with WI.Collection
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamgetusermediadifferenthostexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+CONSOLE MESSAGE: line 52: Trying to call getUserMedia from a document with a different security origin than its top-level frame.
+Tests that getUserMedia fails when the top level document and iframe do not have the same domain.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+URL: https://127.0.0.1:8443/ssl/media-stream/get-user-media-different-host.html
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;1
+
+PASS getUserMedia failed with error: "NotAllowedError (DOM Exception 35): The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission."
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamgetusermediadifferenthosthtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+<!DOCTYPE HTML>
+<html>
+ <head>
+ <script src="../../resources/js-test-pre.js"></script>
+ <script src="resources/get-user-media.js"></script>
+ <script>
+
+ let testInfo = {
+ shouldSucceed : false,
+ depth: 1,
+ mainFrame : { protocol : "https:", host: "127.0.0.1", port: 8443 },
+ iFrame : { protocol : "https:", host: "localhost", port: 8443, pathname: "/ssl/media-stream/resources/get-user-media-frame.html" }
+ };
+
+ description("Tests that getUserMedia fails when the top level document and iframe do not have the same domain.");
+
+ </script>
+ </head>
+ <body>
+ <div id="console"></div>
+ <script src="../../../../resources/js-test-post.js"></script>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamgetusermedianestedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+CONSOLE MESSAGE: line 52: Trying to call getUserMedia from a document with a different security origin than its top-level frame.
+Tests that getUserMedia fails when the top level document and iframe do not have the same domain.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+URL: https://127.0.0.1:8443/ssl/media-stream/get-user-media-nested.html
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;3
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;2
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->/<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;1
+
+PASS getUserMedia failed with error: "NotAllowedError (DOM Exception 35): The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission."
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamgetusermedianestedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+<!DOCTYPE HTML>
+<html>
+ <head>
+ <style>
+ iframe { border: 1px solid black; width: 400px; height: 400px;}
+ </style>
+ <script src="../../resources/js-test-pre.js"></script>
+ <script src="resources/get-user-media.js"></script>
+ <script>
+
+ let testInfo = {
+ shouldSucceed : false,
+ depth: 3,
+ mainFrame : { protocol : "https:", host: "127.0.0.1", port: 8443 },
+ iFrame : { protocol : "https:", host: "localhost", port: 8443, pathname: "/ssl/media-stream/resources/get-user-media-frame.html" }
+ };
+
+ description("Tests that getUserMedia fails when the top level document and iframe do not have the same domain.");
+
+ </script>
+ </head>
+ <body>
+ <div id="console"></div>
+ <script src="../../../../resources/js-test-post.js"></script>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamgetusermediasecureconnectionexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+Tests that getUserMedia is allowed when the top level document and iframe have the same origin and are both on a secure connection.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+URL: https://127.0.0.1:8443/ssl/media-stream/get-user-media-secure-connection.html
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+URL: https://127.0.0.1:8443/ssl/media-stream/resources/get-user-media-frame.html?succeed;1
+
+PASS getUserMedia succeeded
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamgetusermediasecureconnectionhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+<!DOCTYPE HTML>
+<html>
+ <head>
+ <script src="../../resources/js-test-pre.js"></script>
+ <script src="resources/get-user-media.js"></script>
+ <script>
+
+ let testInfo = {
+ shouldSucceed : true,
+ depth: 1,
+ mainFrame : { protocol : "https:", host: "127.0.0.1", port: 8443 },
+ iFrame : { protocol : "https:", host: "127.0.0.1", port: 8443, pathname: "/ssl/media-stream/resources/get-user-media-frame.html" }
+ };
+
+ description("Tests that getUserMedia is allowed when the top level document and iframe have the same origin and are both on a secure connection.");
+
+ </script>
+ </head>
+ <body>
+ <div id="console"></div>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamresourcesgetusermediaframehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,58 @@
</span><ins>+<!DOCTYPE HTML>
+<html>
+ <body>
+ <div id="console">
+
+ <script>
+
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpChildFramesAsText(true);
+ }
+
+ const params = new URL(window.location.href).search.substr(1).split(';');
+ const fail = (msg) => { return `<span><span class="fail">FAIL</span> ${msg}</span>` }
+ const success = (msg) => { return `<span><span class="fail">PASS</span> ${msg}</span>` }
+ const debug = (msg) => {
+ let span = document.createElement("span");
+ span.innerHTML = msg + '<br>';
+ document.getElementById("console").appendChild(span);
+ }
+
+ const mode = params[0];
+ function finish(error, stream)
+ {
+ if (mode === "succeed") {
+ if (stream)
+ debug(success("getUserMedia succeeded"));
+ else
+ debug(fail(`getUserMedia should have succeeded but failed with error "${error}"`));
+ } else {
+ if (error)
+ debug(success(`getUserMedia failed with error: "${error}"`));
+ else
+ debug(fail(`getUserMedia should have succeeded, but failed with error "${error}"`));
+ }
+
+ debug('<br><span class="pass">TEST COMPLETE</span>');
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+
+ debug(`URL: ${window.location.href}`);
+
+ const depth = params[1];
+ if (depth > 1) {
+ let iframe = document.createElement("iframe");
+ let url = window.location.href.split('?')[0];
+ iframe.src = `${url}?${mode};${depth - 1}`;
+ document.body.appendChild(iframe);
+ } else {
+ debug("");
+ navigator.mediaDevices.getUserMedia({audio:true})
+ .then(stream => { finish(null, stream); })
+ .catch(err => { finish(err, null); });
+ }
+ </script>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssslmediastreamresourcesgetusermediajs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js (0 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js         (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+
+ window.jsTestIsAsync = true;
+
+ window.addEventListener("load", () => {
+
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.setUserMediaPermission(true);
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText(true);
+ }
+ if (window.internals)
+ internals.settings.setMediaCaptureRequiresSecureConnection(true);
+
+ if (location.protocol != testInfo.mainFrame.protocol)
+ window.location = createURL(new URL(window.location.href).pathname, testInfo.mainFrame);
+ else {
+ debug(`URL: ${window.location.href}`);
+ let iframe = document.createElement("iframe");
+ let search = testInfo.shouldSucceed ? "succeed" : "fail"
+ iframe.src = `${createURL(testInfo.iFrame.pathname, testInfo.iFrame)}?${search};${testInfo.depth}`;
+ document.body.appendChild(iframe);
+ }
+ });
+
+ function createURL(pathName, info)
+ {
+ let port = info.port != 0 ? `:${info.port}` : '';
+ return `${info.protocol}//${info.host}${port}${pathName}`;
+ }
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk1TestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk1/TestExpectations (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk1/TestExpectations        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/LayoutTests/platform/mac-wk1/TestExpectations        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -91,6 +91,7 @@
</span><span class="cx"> # Media Stream API testing is not supported for WK1 yet.
</span><span class="cx"> fast/mediastream
</span><span class="cx"> http/tests/media/media-stream
</span><ins>+http/tests/ssl/media-stream
</ins><span class="cx">
</span><span class="cx"> # Disable snapshotting tests on WK1 only
</span><span class="cx"> plugins/snapshotting
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/ChangeLog        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -1,3 +1,36 @@
</span><ins>+2016-11-01 Eric Carlson <eric.carlson@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ Tests: http/tests/ssl/media-stream/get-user-media-different-host.html
+ http/tests/ssl/media-stream/get-user-media-nested.html
+ http/tests/ssl/media-stream/get-user-media-secure-connection.html
+
+ * Modules/mediastream/UserMediaRequest.cpp:
+ (WebCore::isSecure): New.
+ (WebCore::canCallGetUserMedia): New.
+ (WebCore::UserMediaRequest::start): When the setting says the require secure a secure connection,
+ fail immediately if the page or one of its ancestors is not secure.
+
+ * page/Settings.cpp:
+ (WebCore::Settings::mediaCaptureRequiresSecureConnection): New.
+ (WebCore::Settings::setMediaCaptureRequiresSecureConnection): New.
+ * page/Settings.h:
+
+ * testing/InternalSettings.cpp:
+ (WebCore::InternalSettings::InternalSettings): Do not require a secure connection for media
+ capture during tests.
+ (WebCore::InternalSettings::resetToConsistentState):
+ (WebCore::InternalSettings::setMediaCaptureRequiresSecureConnection):
+ * testing/InternalSettings.h:
+ * testing/InternalSettings.idl:
+ * testing/Internals.cpp:
+ (WebCore::Internals::Internals):
+
</ins><span class="cx"> 2016-11-01 Gavin Barraclough <barraclough@apple.com>
</span><span class="cx">
</span><span class="cx"> Port Page timer throttling to use ActivityState instead of PageThrottler
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesmediastreamUserMediaRequestcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -38,6 +38,7 @@
</span><span class="cx"> #include "UserMediaRequest.h"
</span><span class="cx">
</span><span class="cx"> #include "Document.h"
</span><ins>+#include "DocumentLoader.h"
</ins><span class="cx"> #include "ExceptionCode.h"
</span><span class="cx"> #include "Frame.h"
</span><span class="cx"> #include "JSMediaStream.h"
</span><span class="lines">@@ -48,6 +49,7 @@
</span><span class="cx"> #include "OverconstrainedError.h"
</span><span class="cx"> #include "RealtimeMediaSourceCenter.h"
</span><span class="cx"> #include "SecurityOrigin.h"
</span><ins>+#include "Settings.h"
</ins><span class="cx"> #include "UserMediaController.h"
</span><span class="cx"> #include <wtf/MainThread.h>
</span><span class="cx">
</span><span class="lines">@@ -99,12 +101,70 @@
</span><span class="cx"> return m_scriptExecutionContext->topOrigin();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static bool isSecure(DocumentLoader& documentLoader)
+{
+ if (!documentLoader.response().url().protocolIs("https"))
+ return false;
+
+ if (!documentLoader.response().certificateInfo() || documentLoader.response().certificateInfo()->containsNonRootSHA1SignedCertificate())
+ return false;
+
+ return true;
+}
+
+static bool canCallGetUserMedia(Document& document, String& errorMessage)
+{
+ bool requiresSecureConnection = document.frame()->settings().mediaCaptureRequiresSecureConnection();
+ if (requiresSecureConnection && !isSecure(*document.loader())) {
+ errorMessage = "Trying to call getUserMedia from an insecure document.";
+ return false;
+ }
+
+ auto& topDocument = document.topDocument();
+ if (&document != &topDocument) {
+ auto& topOrigin = *topDocument.topOrigin();
+
+ if (!document.securityOrigin()->isSameSchemeHostPort(&topOrigin)) {
+ errorMessage = "Trying to call getUserMedia from a document with a different security origin than its top-level frame.";
+ return false;
+ }
+
+ for (auto* ancestorDocument = document.parentDocument(); ancestorDocument != &topDocument; ancestorDocument = ancestorDocument->parentDocument()) {
+ if (requiresSecureConnection && !isSecure(*ancestorDocument->loader())) {
+ errorMessage = "Trying to call getUserMedia from a document with an insecure parent frame.";
+ return false;
+ }
+
+ if (!ancestorDocument->securityOrigin()->isSameSchemeHostPort(&topOrigin)) {
+ errorMessage = "Trying to call getUserMedia from a document with a different security origin than its top-level frame.";
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
</ins><span class="cx"> void UserMediaRequest::start()
</span><span class="cx"> {
</span><del>- if (m_controller)
- m_controller->requestUserMediaAccess(*this);
- else
</del><ins>+ if (!m_scriptExecutionContext || !m_controller) {
</ins><span class="cx"> deny(MediaAccessDenialReason::OtherFailure, emptyString());
</span><ins>+ return;
+ }
+
+ Document& document = downcast<Document>(*m_scriptExecutionContext);
+ DOMWindow& window = *document.domWindow();
+
+ // 10.2 - 6.3 Optionally, e.g., based on a previously-established user preference, for security reasons,
+ // or due to platform limitations, jump to the step labeled Permission Failure below.
+ String errorMessage;
+ if (!canCallGetUserMedia(document, errorMessage)) {
+ deny(MediaAccessDenialReason::PermissionDenied, emptyString());
+ window.printErrorMessage(errorMessage);
+ return;
+ }
+
+ m_controller->requestUserMediaAccess(*this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void UserMediaRequest::allow(const String& audioDeviceUID, const String& videoDeviceUID)
</span></span></pre></div>
<a id="trunkSourceWebCorepageSettingscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Settings.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Settings.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/page/Settings.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -90,6 +90,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><span class="cx"> bool Settings::gMockCaptureDevicesEnabled = false;
</span><ins>+bool Settings::gMediaCaptureRequiresSecureConnection = true;
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if PLATFORM(WIN)
</span><span class="lines">@@ -594,6 +595,16 @@
</span><span class="cx"> gMockCaptureDevicesEnabled = enabled;
</span><span class="cx"> MockRealtimeMediaSourceCenter::setMockRealtimeMediaSourceCenterEnabled(enabled);
</span><span class="cx"> }
</span><ins>+
+bool Settings::mediaCaptureRequiresSecureConnection() const
+{
+ return gMediaCaptureRequiresSecureConnection;
+}
+
+void Settings::setMediaCaptureRequiresSecureConnection(bool mediaCaptureRequiresSecureConnection)
+{
+ gMediaCaptureRequiresSecureConnection = mediaCaptureRequiresSecureConnection;
+}
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> void Settings::setScrollingPerformanceLoggingEnabled(bool enabled)
</span></span></pre></div>
<a id="trunkSourceWebCorepageSettingsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Settings.h (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Settings.h        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/page/Settings.h        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -293,6 +293,9 @@
</span><span class="cx">
</span><span class="cx"> static bool mockCaptureDevicesEnabled();
</span><span class="cx"> WEBCORE_EXPORT static void setMockCaptureDevicesEnabled(bool);
</span><ins>+
+ bool mediaCaptureRequiresSecureConnection() const;
+ WEBCORE_EXPORT static void setMediaCaptureRequiresSecureConnection(bool);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if ENABLE(APPLE_PAY)
</span><span class="lines">@@ -393,6 +396,7 @@
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><span class="cx"> String m_mediaDeviceIdentifierStorageDirectory;
</span><span class="cx"> static bool gMockCaptureDevicesEnabled;
</span><ins>+ static bool gMediaCaptureRequiresSecureConnection;
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if ENABLE(APPLE_PAY)
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalSettingscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/InternalSettings.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/InternalSettings.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/InternalSettings.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -220,6 +220,9 @@
</span><span class="cx"> #if ENABLE(WIRELESS_PLAYBACK_TARGET)
</span><span class="cx"> setAllowsAirPlayForMediaPlayback(false);
</span><span class="cx"> #endif
</span><ins>+#if ENABLE(MEDIA_STREAM)
+ setMediaCaptureRequiresSecureConnection(false);
+#endif
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Ref<InternalSettings> InternalSettings::create(Page* page)
</span><span class="lines">@@ -237,6 +240,9 @@
</span><span class="cx"> #if ENABLE(WIRELESS_PLAYBACK_TARGET)
</span><span class="cx"> settings().setAllowsAirPlayForMediaPlayback(false);
</span><span class="cx"> #endif
</span><ins>+#if ENABLE(MEDIA_STREAM)
+ setMediaCaptureRequiresSecureConnection(false);
+#endif
</ins><span class="cx">
</span><span class="cx"> m_backup.restoreTo(settings());
</span><span class="cx"> m_backup = Backup { settings() };
</span><span class="lines">@@ -399,6 +405,18 @@
</span><span class="cx"> return { };
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ExceptionOr<void> InternalSettings::setMediaCaptureRequiresSecureConnection(bool requires)
+{
+ if (!m_page)
+ return Exception { INVALID_ACCESS_ERR };
+#if ENABLE(MEDIA_STREAM)
+ settings().setMediaCaptureRequiresSecureConnection(requires);
+#else
+ UNUSED_PARAM(requires);
+#endif
+ return { };
+}
+
</ins><span class="cx"> ExceptionOr<void> InternalSettings::setEditingBehavior(const String& editingBehavior)
</span><span class="cx"> {
</span><span class="cx"> if (!m_page)
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalSettingsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/InternalSettings.h (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/InternalSettings.h        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/InternalSettings.h        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -65,6 +65,8 @@
</span><span class="cx"> ExceptionOr<void> setMediaTypeOverride(const String&);
</span><span class="cx"> ExceptionOr<void> setCanStartMedia(bool);
</span><span class="cx"> ExceptionOr<void> setAllowsAirPlayForMediaPlayback(bool);
</span><ins>+ ExceptionOr<void> setMediaCaptureRequiresSecureConnection(bool);
+
</ins><span class="cx"> ExceptionOr<void> setEditingBehavior(const String&);
</span><span class="cx"> ExceptionOr<void> setPreferMIMETypeForImages(bool);
</span><span class="cx"> ExceptionOr<void> setPDFImageCachingPolicy(const String&);
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalSettingsidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/InternalSettings.idl (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/InternalSettings.idl        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/InternalSettings.idl        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -55,6 +55,7 @@
</span><span class="cx"> [MayThrowException] void setTimeWithoutMouseMovementBeforeHidingControls(unrestricted double time);
</span><span class="cx"> [MayThrowException] void setMediaTypeOverride(DOMString mediaTypeOverride);
</span><span class="cx"> void setAllowsAirPlayForMediaPlayback(boolean available);
</span><ins>+ [Conditional=MEDIA_STREAM, MayThrowException] void setMediaCaptureRequiresSecureConnection(boolean enable);
</ins><span class="cx">
</span><span class="cx"> [MayThrowException] void setForcePendingWebGLPolicy(boolean forced);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/Internals.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/Internals.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/Internals.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -426,6 +426,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><span class="cx"> setMockMediaCaptureDevicesEnabled(true);
</span><ins>+ WebCore::Settings::setMediaCaptureRequiresSecureConnection(false);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if ENABLE(WEB_RTC)
</span></span></pre></div>
<a id="trunkSourceWebKitmacChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/ChangeLog (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/ChangeLog        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/ChangeLog        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2016-11-01 Eric Carlson <eric.carlson@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ * WebView/WebPreferenceKeysPrivate.h:
+ * WebView/WebPreferences.mm:
+ (+[WebPreferences initialize]): Initialize WebKitMediaCaptureRequiresSecureConnectionPreferenceKey.
+ (-[WebPreferences mediaCaptureRequiresSecureConnection]): New.
+ (-[WebPreferences setMediaCaptureRequiresSecureConnection:]): New.
+ * WebView/WebPreferencesPrivate.h:
+
+ * WebView/WebView.mm:
+ (-[WebView _preferencesChanged:]): Sync mediaCaptureRequiresSecureConnection.
+
</ins><span class="cx"> 2016-10-29 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><span class="cx"> JSC should support SharedArrayBuffer
</span></span></pre></div>
<a id="trunkSourceWebKitmacWebViewWebPreferenceKeysPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -211,6 +211,7 @@
</span><span class="cx"> #define WebKitEnableInheritURIQueryComponentPreferenceKey @"WebKitEnableInheritURIQueryComponent"
</span><span class="cx"> #define WebKitMediaDataLoadsAutomaticallyPreferenceKey @"WebKitMediaDataLoadsAutomatically"
</span><span class="cx"> #define WebKitMockCaptureDevicesEnabledPreferenceKey @"WebKitMockCaptureDevicesEnabled"
</span><ins>+#define WebKitMediaCaptureRequiresSecureConnectionPreferenceKey @"WebKitMediaCaptureRequiresSecureConnection"
</ins><span class="cx">
</span><span class="cx"> #define WebKitAttachmentElementEnabledPreferenceKey @"WebKitAttachmentElementEnabled"
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKitmacWebViewWebPreferencesmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/WebView/WebPreferences.mm (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/WebView/WebPreferences.mm        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebPreferences.mm        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -606,6 +606,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><span class="cx"> [NSNumber numberWithBool:NO], WebKitMockCaptureDevicesEnabledPreferenceKey,
</span><ins>+ [NSNumber numberWithBool:YES], WebKitMediaCaptureRequiresSecureConnectionPreferenceKey,
</ins><span class="cx"> #endif
</span><span class="cx"> [NSNumber numberWithBool:YES], WebKitShadowDOMEnabledPreferenceKey,
</span><span class="cx"> #if ENABLE(CUSTOM_ELEMENTS)
</span><span class="lines">@@ -2707,6 +2708,16 @@
</span><span class="cx"> [self _setBoolValue:flag forKey:WebKitMockCaptureDevicesEnabledPreferenceKey];
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+- (BOOL)mediaCaptureRequiresSecureConnection
+{
+ return [self _boolValueForKey:WebKitMediaCaptureRequiresSecureConnectionPreferenceKey];
+}
+
+- (void)setMediaCaptureRequiresSecureConnection:(BOOL)flag
+{
+ [self _setBoolValue:flag forKey:WebKitMediaCaptureRequiresSecureConnectionPreferenceKey];
+}
+
</ins><span class="cx"> - (BOOL)shadowDOMEnabled
</span><span class="cx"> {
</span><span class="cx"> return [self _boolValueForKey:WebKitShadowDOMEnabledPreferenceKey];
</span></span></pre></div>
<a id="trunkSourceWebKitmacWebViewWebPreferencesPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -476,6 +476,9 @@
</span><span class="cx"> - (void)setMockCaptureDevicesEnabled:(BOOL)flag;
</span><span class="cx"> - (BOOL)mockCaptureDevicesEnabled;
</span><span class="cx">
</span><ins>+- (void)setMediaCaptureRequiresSecureConnection:(BOOL)flag;
+- (BOOL)mediaCaptureRequiresSecureConnection;
+
</ins><span class="cx"> - (void)setShadowDOMEnabled:(BOOL)flag;
</span><span class="cx"> - (BOOL)shadowDOMEnabled;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKitmacWebViewWebViewmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/WebView/WebView.mm (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/WebView/WebView.mm        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebView.mm        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -2513,6 +2513,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><span class="cx"> settings.setMockCaptureDevicesEnabled([preferences mockCaptureDevicesEnabled]);
</span><ins>+ settings.setMediaCaptureRequiresSecureConnection([preferences mediaCaptureRequiresSecureConnection]);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if ENABLE(WEB_AUDIO)
</span></span></pre></div>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/ChangeLog        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -1,3 +1,25 @@
</span><ins>+2016-11-01 Eric Carlson <eric.carlson@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ * Shared/WebPreferencesDefinitions.h:
+
+ * UIProcess/API/C/WKPreferences.cpp:
+ (WKPreferencesSetMediaCaptureRequiresSecureConnection):
+ (WKPreferencesGetMediaCaptureRequiresSecureConnection):
+ * UIProcess/API/C/WKPreferencesRefPrivate.h:
+
+ * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+ (WebKit::UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame): Drive by
+ fix: remove some unused parameters in a lambda call.
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::updatePreferences):
+
</ins><span class="cx"> 2016-11-01 Gavin Barraclough <barraclough@apple.com>
</span><span class="cx">
</span><span class="cx"> Add IsAudible, IsLoading to ActivityState
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedWebPreferencesDefinitionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -224,6 +224,7 @@
</span><span class="cx"> macro(NewCSSParserEnabled, newCSSParserEnabled, Bool, bool, false, "", "") \
</span><span class="cx"> macro(HTTPEquivEnabled, httpEquivEnabled, Bool, bool, true, "", "") \
</span><span class="cx"> macro(MockCaptureDevicesEnabled, mockCaptureDevicesEnabled, Bool, bool, false, "", "") \
</span><ins>+ macro(MediaCaptureRequiresSecureConnection, mediaCaptureRequiresSecureConnection, Bool, bool, true, "", "") \
</ins><span class="cx"> macro(ShadowDOMEnabled, shadowDOMEnabled, Bool, bool, true, "Shadow DOM", "HTML Shadow DOM prototype") \
</span><span class="cx"> macro(DOMIteratorEnabled, domIteratorEnabled, Bool, bool, true, "", "") \
</span><span class="cx"> macro(FetchAPIEnabled, fetchAPIEnabled, Bool, bool, true, "", "") \
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPICWKPreferencescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -1501,6 +1501,16 @@
</span><span class="cx"> return toImpl(preferencesRef)->mockCaptureDevicesEnabled();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void WKPreferencesSetMediaCaptureRequiresSecureConnection(WKPreferencesRef preferencesRef, bool enabled)
+{
+ toImpl(preferencesRef)->setMediaCaptureRequiresSecureConnection(enabled);
+}
+
+bool WKPreferencesGetMediaCaptureRequiresSecureConnection(WKPreferencesRef preferencesRef)
+{
+ return toImpl(preferencesRef)->mediaCaptureRequiresSecureConnection();
+}
+
</ins><span class="cx"> void WKPreferencesSetFetchAPIEnabled(WKPreferencesRef preferencesRef, bool flag)
</span><span class="cx"> {
</span><span class="cx"> toImpl(preferencesRef)->setFetchAPIEnabled(flag);
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPICWKPreferencesRefPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -413,7 +413,11 @@
</span><span class="cx"> // Defaults to false.
</span><span class="cx"> WK_EXPORT void WKPreferencesSetMockCaptureDevicesEnabled(WKPreferencesRef, bool);
</span><span class="cx"> WK_EXPORT bool WKPreferencesGetMockCaptureDevicesEnabled(WKPreferencesRef);
</span><del>-
</del><ins>+
+// Defaults to true.
+WK_EXPORT void WKPreferencesSetMediaCaptureRequiresSecureConnection(WKPreferencesRef, bool);
+WK_EXPORT bool WKPreferencesGetMediaCaptureRequiresSecureConnection(WKPreferencesRef);
+
</ins><span class="cx"> // Defaults to false
</span><span class="cx"> WK_EXPORT void WKPreferencesSetFetchAPIEnabled(WKPreferencesRef, bool flag);
</span><span class="cx"> WK_EXPORT bool WKPreferencesGetFetchAPIEnabled(WKPreferencesRef);
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessUserMediaPermissionRequestManagerProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -165,7 +165,7 @@
</span><span class="cx"> void UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame(uint64_t userMediaID, uint64_t frameID, String userMediaDocumentOriginIdentifier, String topLevelDocumentOriginIdentifier, const WebCore::MediaConstraintsData& audioConstraintsData, const WebCore::MediaConstraintsData& videoConstraintsData)
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><del>- RealtimeMediaSourceCenter::InvalidConstraintsHandler invalidHandler = [this, userMediaID, frameID, userMediaDocumentOriginIdentifier, topLevelDocumentOriginIdentifier](const String& invalidConstraint) {
</del><ins>+ RealtimeMediaSourceCenter::InvalidConstraintsHandler invalidHandler = [this, userMediaID](const String& invalidConstraint) {
</ins><span class="cx"> if (!m_page.isValid())
</span><span class="cx"> return;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcessWebPageWebPagecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (208248 => 208249)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp        2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp        2016-11-01 22:00:23 UTC (rev 208249)
</span><span class="lines">@@ -3146,6 +3146,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(MEDIA_STREAM)
</span><span class="cx"> settings.setMockCaptureDevicesEnabled(store.getBoolValueForKey(WebPreferencesKey::mockCaptureDevicesEnabledKey()));
</span><ins>+ settings.setMediaCaptureRequiresSecureConnection(store.getBoolValueForKey(WebPreferencesKey::mediaCaptureRequiresSecureConnectionKey()));
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> settings.setShouldConvertPositionStyleOnCopy(store.getBoolValueForKey(WebPreferencesKey::shouldConvertPositionStyleOnCopyKey()));
</span></span></pre>
</div>
</div>
</body>
</html>