[Webkit-unassigned] [Bug 33539] [GTK] handle media redirections
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 1 05:41:19 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33539
--- Comment #13 from Philippe Normand <pnormand at igalia.com> 2010-02-01 05:41:19 PST ---
(In reply to comment #8)
> (From update of attachment 46923 [details])
> Ah right, i see what you're doing, you're doing an origin check of the document
> versus the media. That's not what we want to do. What we want to do is make
> any redirect in the media that goes to a different origin from the current
> origin be forbidden
>
> Eg. if i have
>
> http://example.com/foo.mov and that media file contains a redirect to
> http://example.com/foo2.mov that's okay, if i instead it redirects to
> http://evil.com/foo.mov then the media should be blocked. This has nothing to
> do with the containing document.
Hi Oliver,
Sorry to come again on this origin check stuff but I found one example where
the redirect is done to a totally different server.
http://stream.qtv.apple.com/events/jan/1001q3f8hhr/1001908r5ft6dswz_1_350_ref.mov
redirects to:
rtsp://a2047.v1412b.c1412.g.vq.akamaistream.net/5/2047/1412/1_h264_350/1a1a1ae555c531960166df4dbc3095c327960d7be756b71b49aa1576e344addb3ead1a497aaedf11/1001908r5ft6dswz_1_350.mov
So I am not sure anymore we should do that origin check, what do you think?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list