[GStreamer] No CORS support for media elements
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Apr 2014 15:46:10 +0000 (15:46 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Apr 2014 15:46:10 +0000 (15:46 +0000)
commita556373720e92ac776da0d8399d914b57a61dbc3
treeca48920267f15f8ebcbe33605c46e77723c2d3f3
parent4a42447d5d37c8157ed649d7123625f6925829cb
[GStreamer] No CORS support for media elements
https://bugs.webkit.org/show_bug.cgi?id=99037

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-10
Reviewed by Philippe Normand.

Source/WebCore:

Added CORS access control check to media sources when crossorigin attribute is set.

Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
Related test is http/tests/security/video-cross-origin-readback.html.

Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
Related test is http/tests/security/video-cross-origin-accessfailure.html.

Tests: http/tests/security/video-cross-origin-accessfailure.html
       http/tests/security/video-cross-origin-accesssameorigin.html

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
(webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
(StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
(CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
(CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
(ResourceHandleStreamingClient::didReceiveResponse): No CORS check.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

LayoutTests:

http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
are not played when crossorigin attribute is set.
 http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams
are played when crossorigin attribute is set.

* http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
* http/tests/security/video-cross-origin-accessfailure.html: Added.
* http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
* http/tests/security/video-cross-origin-accesssameorigin.html: Added.
* platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
* platform/gtk/TestExpectations: Ditto.
* platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167073 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/video-cross-origin-accessfailure-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/video-cross-origin-accessfailure.html [new file with mode: 0755]
LayoutTests/http/tests/security/video-cross-origin-accesssameorigin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/video-cross-origin-accesssameorigin.html [new file with mode: 0755]
LayoutTests/platform/efl/TestExpectations
LayoutTests/platform/gtk/TestExpectations
LayoutTests/platform/mac/TestExpectations [changed mode: 0644->0755]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h
Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp
Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.h