<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[212349] trunk/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/212349">212349</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2017-02-14 23:44:45 -0800 (Tue, 14 Feb 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>[GStreamer] Implement MediaPlayerPrivate::hasSingleSecurityOrigin()
https://bugs.webkit.org/show_bug.cgi?id=168322
Reviewed by Žan Doberšek.
It currently returns true unconditionally. Add resolved-location property to WebKitWebSourceGStreamer to track
the resolved url returned by the server and use that from MediaPlayerPrivate to check if there was a cross
origin redirection.
Fixes: http/tests/security/canvas-remote-read-remote-video-redirect.html
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::hasSingleSecurityOrigin):
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcFinalize):
(webKitWebSrcGetProperty):
(webKitWebSrcStart):
(webKitWebSrcQueryWithParent):
(webKitWebSrcGetUri):
(webKitWebSrcSetUri):
(StreamingClient::handleResponseReceived):
(ResourceHandleStreamingClient::wasBlocked):
(ResourceHandleStreamingClient::cannotShowURL):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamercpp">trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamerh">trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamercpp">trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (212348 => 212349)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2017-02-15 07:40:38 UTC (rev 212348)
+++ trunk/Source/WebCore/ChangeLog        2017-02-15 07:44:45 UTC (rev 212349)
</span><span class="lines">@@ -1,5 +1,32 @@
</span><span class="cx"> 2017-02-14 Carlos Garcia Campos <cgarcia@igalia.com>
</span><span class="cx">
</span><ins>+ [GStreamer] Implement MediaPlayerPrivate::hasSingleSecurityOrigin()
+ https://bugs.webkit.org/show_bug.cgi?id=168322
+
+ Reviewed by Žan Doberšek.
+
+ It currently returns true unconditionally. Add resolved-location property to WebKitWebSourceGStreamer to track
+ the resolved url returned by the server and use that from MediaPlayerPrivate to check if there was a cross
+ origin redirection.
+
+ Fixes: http/tests/security/canvas-remote-read-remote-video-redirect.html
+
+ * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+ (WebCore::MediaPlayerPrivateGStreamer::hasSingleSecurityOrigin):
+ * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
+ * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+ (webKitWebSrcFinalize):
+ (webKitWebSrcGetProperty):
+ (webKitWebSrcStart):
+ (webKitWebSrcQueryWithParent):
+ (webKitWebSrcGetUri):
+ (webKitWebSrcSetUri):
+ (StreamingClient::handleResponseReceived):
+ (ResourceHandleStreamingClient::wasBlocked):
+ (ResourceHandleStreamingClient::cannotShowURL):
+
+2017-02-14 Carlos Garcia Campos <cgarcia@igalia.com>
+
</ins><span class="cx"> Unreviewed, rolling out r211967.
</span><span class="cx">
</span><span class="cx"> Caused rendering issues in HiDPI
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp (212348 => 212349)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp        2017-02-15 07:40:38 UTC (rev 212348)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp        2017-02-15 07:44:45 UTC (rev 212349)
</span><span class="lines">@@ -1423,6 +1423,23 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool MediaPlayerPrivateGStreamer::hasSingleSecurityOrigin() const
+{
+ if (!WEBKIT_IS_WEB_SRC(m_source.get()))
+ return false;
+
+ GUniqueOutPtr<char> originalURI, resolvedURI;
+ g_object_get(m_source.get(), "location", &originalURI.outPtr(), "resolved-location", &resolvedURI.outPtr(), nullptr);
+ if (!originalURI || !resolvedURI)
+ return false;
+ if (!g_strcmp0(originalURI.get(), resolvedURI.get()))
+ return true;
+
+ Ref<SecurityOrigin> resolvedOrigin(SecurityOrigin::createFromString(String::fromUTF8(resolvedURI.get())));
+ Ref<SecurityOrigin> requestedOrigin(SecurityOrigin::createFromString(String::fromUTF8(originalURI.get())));
+ return resolvedOrigin->isSameSchemeHostPort(requestedOrigin.get());
+}
+
</ins><span class="cx"> void MediaPlayerPrivateGStreamer::cancelLoad()
</span><span class="cx"> {
</span><span class="cx"> if (m_networkState < MediaPlayer::Loading || m_networkState == MediaPlayer::Loaded)
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerMediaPlayerPrivateGStreamerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h (212348 => 212349)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h        2017-02-15 07:40:38 UTC (rev 212348)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h        2017-02-15 07:44:45 UTC (rev 212349)
</span><span class="lines">@@ -109,6 +109,8 @@
</span><span class="cx"> unsigned long long totalBytes() const override;
</span><span class="cx"> float maxTimeLoaded() const override;
</span><span class="cx">
</span><ins>+ bool hasSingleSecurityOrigin() const override;
+
</ins><span class="cx"> void loadStateChanged();
</span><span class="cx"> void timeChanged();
</span><span class="cx"> void didEnd();
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp (212348 => 212349)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp        2017-02-15 07:40:38 UTC (rev 212348)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp        2017-02-15 07:44:45 UTC (rev 212349)
</span><span class="lines">@@ -132,7 +132,8 @@
</span><span class="cx"> struct _WebKitWebSrcPrivate {
</span><span class="cx"> GstAppSrc* appsrc;
</span><span class="cx"> GstPad* srcpad;
</span><del>- gchar* uri;
</del><ins>+ CString originalURI;
+ CString resolvedURI;
</ins><span class="cx"> bool keepAlive;
</span><span class="cx"> GUniquePtr<GstStructure> extraHeaders;
</span><span class="cx"> bool compress;
</span><span class="lines">@@ -162,6 +163,7 @@
</span><span class="cx"> enum {
</span><span class="cx"> PROP_0,
</span><span class="cx"> PROP_LOCATION,
</span><ins>+ PROP_RESOLVED_LOCATION,
</ins><span class="cx"> PROP_KEEP_ALIVE,
</span><span class="cx"> PROP_EXTRA_HEADERS,
</span><span class="cx"> PROP_COMPRESS,
</span><span class="lines">@@ -230,14 +232,14 @@
</span><span class="cx">
</span><span class="cx"> /* Allows setting the uri using the 'location' property, which is used
</span><span class="cx"> * for example by gst_element_make_from_uri() */
</span><del>- g_object_class_install_property(oklass,
- PROP_LOCATION,
- g_param_spec_string("location",
- "location",
- "Location to read from",
- 0,
- (GParamFlags) (G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)));
</del><ins>+ g_object_class_install_property(oklass, PROP_LOCATION,
+ g_param_spec_string("location", "location", "Location to read from",
+ nullptr, static_cast<GParamFlags>(G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)));
</ins><span class="cx">
</span><ins>+ g_object_class_install_property(oklass, PROP_RESOLVED_LOCATION,
+ g_param_spec_string("resolved-location", "Resolved location", "The location resolved by the server",
+ nullptr, static_cast<GParamFlags>(G_PARAM_READABLE | G_PARAM_STATIC_STRINGS)));
+
</ins><span class="cx"> g_object_class_install_property(oklass, PROP_KEEP_ALIVE,
</span><span class="cx"> g_param_spec_boolean("keep-alive", "keep-alive", "Use HTTP persistent connections",
</span><span class="cx"> FALSE, static_cast<GParamFlags>(G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)));
</span><span class="lines">@@ -324,10 +326,8 @@
</span><span class="cx">
</span><span class="cx"> static void webKitWebSrcFinalize(GObject* object)
</span><span class="cx"> {
</span><del>- WebKitWebSrc* src = WEBKIT_WEB_SRC(object);
- WebKitWebSrcPrivate* priv = src->priv;
</del><ins>+ WebKitWebSrcPrivate* priv = WEBKIT_WEB_SRC(object)->priv;
</ins><span class="cx">
</span><del>- g_free(priv->uri);
</del><span class="cx"> priv->~WebKitWebSrcPrivate();
</span><span class="cx">
</span><span class="cx"> GST_CALL_PARENT(G_OBJECT_CLASS, finalize, (object));
</span><span class="lines">@@ -369,8 +369,11 @@
</span><span class="cx"> WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
</span><span class="cx"> switch (propID) {
</span><span class="cx"> case PROP_LOCATION:
</span><del>- g_value_set_string(value, priv->uri);
</del><ins>+ g_value_set_string(value, priv->originalURI.data());
</ins><span class="cx"> break;
</span><ins>+ case PROP_RESOLVED_LOCATION:
+ g_value_set_string(value, priv->resolvedURI.data());
+ break;
</ins><span class="cx"> case PROP_KEEP_ALIVE:
</span><span class="cx"> g_value_set_boolean(value, priv->keepAlive);
</span><span class="cx"> break;
</span><span class="lines">@@ -503,7 +506,7 @@
</span><span class="cx">
</span><span class="cx"> priv->didPassAccessControlCheck = false;
</span><span class="cx">
</span><del>- if (!priv->uri) {
</del><ins>+ if (priv->originalURI.isNull()) {
</ins><span class="cx"> GST_ERROR_OBJECT(src, "No URI provided");
</span><span class="cx"> locker.unlock();
</span><span class="cx"> webKitWebSrcStop(src);
</span><span class="lines">@@ -512,8 +515,8 @@
</span><span class="cx">
</span><span class="cx"> ASSERT(!priv->client);
</span><span class="cx">
</span><del>- GST_DEBUG_OBJECT(src, "Fetching %s", priv->uri);
- URL url = URL(URL(), priv->uri);
</del><ins>+ GST_DEBUG_OBJECT(src, "Fetching %s", priv->originalURI.data());
+ URL url = URL(URL(), priv->originalURI.data());
</ins><span class="cx">
</span><span class="cx"> ResourceRequest request(url);
</span><span class="cx"> request.setAllowCookies(true);
</span><span class="lines">@@ -667,7 +670,7 @@
</span><span class="cx"> }
</span><span class="cx"> case GST_QUERY_URI: {
</span><span class="cx"> WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
</span><del>- gst_query_set_uri(query, src->priv->uri);
</del><ins>+ gst_query_set_uri(query, src->priv->originalURI.data());
</ins><span class="cx"> result = TRUE;
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -717,7 +720,7 @@
</span><span class="cx"> gchar* ret;
</span><span class="cx">
</span><span class="cx"> WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
</span><del>- ret = g_strdup(src->priv->uri);
</del><ins>+ ret = g_strdup(src->priv->originalURI.data());
</ins><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -733,9 +736,7 @@
</span><span class="cx">
</span><span class="cx"> WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
</span><span class="cx">
</span><del>- g_free(priv->uri);
- priv->uri = 0;
-
</del><ins>+ priv->originalURI = CString();
</ins><span class="cx"> if (!uri)
</span><span class="cx"> return TRUE;
</span><span class="cx">
</span><span class="lines">@@ -745,7 +746,7 @@
</span><span class="cx"> return FALSE;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- priv->uri = g_strdup(url.string().utf8().data());
</del><ins>+ priv->originalURI = url.string().utf8();
</ins><span class="cx"> return TRUE;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -889,6 +890,8 @@
</span><span class="cx">
</span><span class="cx"> GST_DEBUG_OBJECT(src, "Received response: %d", response.httpStatusCode());
</span><span class="cx">
</span><ins>+ priv->resolvedURI = response.url().string().utf8();
+
</ins><span class="cx"> if (response.httpStatusCode() >= 400) {
</span><span class="cx"> GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (nullptr));
</span><span class="cx"> gst_app_src_end_of_stream(priv->appsrc);
</span><span class="lines">@@ -1191,7 +1194,7 @@
</span><span class="cx"> GST_ERROR_OBJECT(src, "Request was blocked");
</span><span class="cx">
</span><span class="cx"> WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
</span><del>- uri.reset(g_strdup(src->priv->uri));
</del><ins>+ uri.reset(g_strdup(src->priv->originalURI.data()));
</ins><span class="cx"> locker.unlock();
</span><span class="cx">
</span><span class="cx"> GST_ELEMENT_ERROR(src, RESOURCE, OPEN_READ, ("Access to \"%s\" was blocked", uri.get()), (0));
</span><span class="lines">@@ -1205,7 +1208,7 @@
</span><span class="cx"> GST_ERROR_OBJECT(src, "Cannot show URL");
</span><span class="cx">
</span><span class="cx"> WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
</span><del>- uri.reset(g_strdup(src->priv->uri));
</del><ins>+ uri.reset(g_strdup(src->priv->originalURI.data()));
</ins><span class="cx"> locker.unlock();
</span><span class="cx">
</span><span class="cx"> GST_ELEMENT_ERROR(src, RESOURCE, OPEN_READ, ("Can't show \"%s\"", uri.get()), (0));
</span></span></pre>
</div>
</div>
</body>
</html>