2011-05-24 Jer Noble <jer.noble@apple.com>
authorjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 25 May 2011 22:53:23 +0000 (22:53 +0000)
committerjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 25 May 2011 22:53:23 +0000 (22:53 +0000)
        Reviewed by Darin Adler.

        Video fails to play on Vimeo
        https://bugs.webkit.org/show_bug.cgi?id=61403

        No new tests; Covered by media/video-canvas-source.html.

        Vimeo redirects their assets from player.vimeo.com to av.vimeo.com, which is rejected
        by AVFoundation and QTKit due to our setting a ForbidCrossSiteReference option when
        creating an AVAsset or QTMovie. Instead, we should just reject local->remote and
        remote->local and make our answer to hasSingleSecurityOrigin dynamic.

        When checking whether a given request has a single security origin, use a
        SecurityOrigin to check the host, port, and scheme.

        * WebCore.exp.in:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::assetURL): Added.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Exchange ForbidCrossSiteReference
            for ForbidRemoteReferenceToLocal and ForbidLocalReferenceToRemote
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin): Check to see that the
            requested and resolved URLs have the same host and port.
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::commonMovieAttributes): Exchange NoCrossSiteAttribute for
            NoRemoteToLocalSiteAttribute and NoLocalToRemoteSiteAttribute.
        (WebCore::MediaPlayerPrivateQTKit::hasSingleSecurityOrigin):     Check to see that the
                requested and resolved URLs have the same host and port.
        * platform/mac/WebCoreSystemInterface.h: Added wkAVAssetResolvedURL.
        * platform/mac/WebCoreSystemInterface.mm: Ditto.
2011-05-24  Jer Noble  <jer.noble@apple.com>

        Reviewed by Darin Adler.

        Video fails to play on Vimeo
        https://bugs.webkit.org/show_bug.cgi?id=61403

        * WebCoreSupport/WebSystemInterface.mm:
        (InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
            wkQTMovieResolvedURL.
2011-05-24  Jer Noble  <jer.noble@apple.com>

        Reviewed by Darin Adler.

        Video fails to play on Vimeo
        https://bugs.webkit.org/show_bug.cgi?id=61403

        * WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:
        (InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
            wkQTMovieResolvedURL.
2011-05-25  Jer Noble  <jer.noble@apple.com>

        Reviewed by Darin Adler.

        Video fails to play on Vimeo
        https://bugs.webkit.org/show_bug.cgi?id=61403

        Added functions to retrieve the resolved URL for media types supported on
        mac.

        * WebKitSystemInterface.h:
        * WebKitSystemInterface.m:
        (WKAVAssetResolvedURL): Added.
        (WKQTMovieResolvedURL): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@87328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 files changed:
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h
Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.h
Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm
Source/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm
Source/WebCore/platform/mac/WebCoreSystemInterface.h
Source/WebCore/platform/mac/WebCoreSystemInterface.mm
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebCoreSupport/WebSystemInterface.mm
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebCoreSupport/mac/WebSystemInterface.mm
WebKitLibraries/ChangeLog
WebKitLibraries/WebKitSystemInterface.h
WebKitLibraries/libWebKitSystemInterfaceLeopard.a
WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a

index c314854..18f0242 100644 (file)
@@ -1,3 +1,37 @@
+2011-05-24  Jer Noble  <jer.noble@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Video fails to play on Vimeo
+        https://bugs.webkit.org/show_bug.cgi?id=61403
+
+        No new tests; Covered by media/video-canvas-source.html.
+
+        Vimeo redirects their assets from player.vimeo.com to av.vimeo.com, which is rejected
+        by AVFoundation and QTKit due to our setting a ForbidCrossSiteReference option when
+        creating an AVAsset or QTMovie. Instead, we should just reject local->remote and
+        remote->local and make our answer to hasSingleSecurityOrigin dynamic.
+
+        When checking whether a given request has a single security origin, use a 
+        SecurityOrigin to check the host, port, and scheme.
+
+        * WebCore.exp.in:
+        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
+        (WebCore::MediaPlayerPrivateAVFoundation::assetURL): Added.
+        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.h:
+        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm:
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Exchange ForbidCrossSiteReference
+            for ForbidRemoteReferenceToLocal and ForbidLocalReferenceToRemote
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin): Check to see that the
+            requested and resolved URLs have the same host and port.
+        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
+        (WebCore::MediaPlayerPrivateQTKit::commonMovieAttributes): Exchange NoCrossSiteAttribute for 
+            NoRemoteToLocalSiteAttribute and NoLocalToRemoteSiteAttribute.
+        (WebCore::MediaPlayerPrivateQTKit::hasSingleSecurityOrigin):     Check to see that the
+                requested and resolved URLs have the same host and port.
+        * platform/mac/WebCoreSystemInterface.h: Added wkAVAssetResolvedURL.
+        * platform/mac/WebCoreSystemInterface.mm: Ditto.
+
 2011-05-25  Andrew Scherkus  <scherkus@chromium.org>
 
         Reviewed by Eric Carlson.
index e0a92cc..9e66b7a 100644 (file)
@@ -1458,6 +1458,8 @@ _wkSetScrollbarPainterTrackAlpha
 _wkVerticalScrollbarPainterForController
 _wkWillEndLiveResize
 _wkWillStartLiveResize
+_wkQTMovieResolvedURL
+_wkAVAssetResolvedURL
 #else
 _wkGetNSEventMomentumPhase
 #endif
index 503d54d..6803d64 100644 (file)
@@ -150,7 +150,6 @@ protected:
     virtual bool supportsAcceleratedRendering() const = 0;
     virtual void acceleratedRenderingStateChanged();
 #endif
-    virtual bool hasSingleSecurityOrigin() const { return true; }
     virtual MediaPlayer::MovieLoadType movieLoadType() const;
     virtual void prepareForRendering();
     virtual float mediaTimeForTimeValue(float) const = 0;
@@ -243,6 +242,7 @@ protected:
     float invalidTime() const { return -1.0f; }
     void invalidateCachedDuration();
 
+    const String& assetURL() const { return m_assetURL; }
 private:
     MediaPlayer* m_player;
 
index 9a30f70..382d79f 100644 (file)
@@ -119,6 +119,8 @@ private:
     virtual bool hasContextRenderer() const;
     virtual bool hasLayerRenderer() const;
 
+    virtual bool hasSingleSecurityOrigin() const;
+
     RetainPtr<CGImageRef> createImageForTimeInRect(float, const IntRect&);
 
     MediaPlayer* m_player;
index 8b690f9..5bf9a59 100644 (file)
@@ -37,6 +37,7 @@
 #import "GraphicsContext.h"
 #import "KURL.h"
 #import "Logging.h"
+#import "SecurityOrigin.h"
 #import "SoftLinking.h"
 #import "TimeRanges.h"
 #import "WebCoreSystemInterface.h"
@@ -256,7 +257,7 @@ void MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL(const String& url)
     setDelayCallbacks(true);
 
     NSDictionary *options = [NSDictionary dictionaryWithObjectsAndKeys:
-                        [NSNumber numberWithInt:AVAssetReferenceRestrictionForbidCrossSiteReference], AVURLAssetReferenceRestrictionsKey, 
+                        [NSNumber numberWithInt:AVAssetReferenceRestrictionForbidRemoteReferenceToLocal | AVAssetReferenceRestrictionForbidLocalReferenceToRemote], AVURLAssetReferenceRestrictionsKey, 
                         nil];
     NSURL *cocoaURL = KURL(ParsedURLString, url);
     m_avAsset.adoptNS([[AVURLAsset alloc] initWithURL:cocoaURL options:options]);
@@ -775,6 +776,16 @@ void MediaPlayerPrivateAVFoundationObjC::sizeChanged()
     setNaturalSize(IntSize(naturalSize));
 }
 
+bool MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin() const 
+{
+    if (!m_avAsset)
+        return false;
+    
+    RefPtr<SecurityOrigin> resolvedOrigin = SecurityOrigin::create(KURL(wkAVAssetResolvedURL(m_avAsset.get())));
+    RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::createFromString(assetURL());
+    return resolvedOrigin->isSameSchemeHostPort(requestedOrigin.get());
+}
+
 NSArray* assetMetadataKeyNames()
 {
     static NSArray* keys;
index 97a4902..878c0de 100644 (file)
@@ -42,6 +42,7 @@
 #import "GraphicsContext.h"
 #import "KURL.h"
 #import "MIMETypeRegistry.h"
+#import "SecurityOrigin.h"
 #import "SoftLinking.h"
 #import "TimeRanges.h"
 #import "WebCoreSystemInterface.h"
@@ -96,6 +97,8 @@ SOFT_LINK_POINTER(QTKit, QTMovieTimeScaleAttribute, NSString *)
 SOFT_LINK_POINTER(QTKit, QTMovieURLAttribute, NSString *)
 SOFT_LINK_POINTER(QTKit, QTMovieVolumeDidChangeNotification, NSString *)
 SOFT_LINK_POINTER(QTKit, QTSecurityPolicyNoCrossSiteAttribute, NSString *)
+SOFT_LINK_POINTER(QTKit, QTSecurityPolicyNoLocalToRemoteSiteAttribute, NSString *)
+SOFT_LINK_POINTER(QTKit, QTSecurityPolicyNoRemoteToLocalSiteAttribute, NSString *)
 SOFT_LINK_POINTER(QTKit, QTVideoRendererWebKitOnlyNewImageAvailableNotification, NSString *)
 SOFT_LINK_POINTER(QTKit, QTMovieApertureModeClean, NSString *)
 SOFT_LINK_POINTER(QTKit, QTMovieApertureModeAttribute, NSString *)
@@ -132,6 +135,8 @@ SOFT_LINK_POINTER(QTKit, QTMovieApertureModeAttribute, NSString *)
 #define QTMovieURLAttribute getQTMovieURLAttribute()
 #define QTMovieVolumeDidChangeNotification getQTMovieVolumeDidChangeNotification()
 #define QTSecurityPolicyNoCrossSiteAttribute getQTSecurityPolicyNoCrossSiteAttribute()
+#define QTSecurityPolicyNoLocalToRemoteSiteAttribute getQTSecurityPolicyNoLocalToRemoteSiteAttribute()
+#define QTSecurityPolicyNoRemoteToLocalSiteAttribute getQTSecurityPolicyNoRemoteToLocalSiteAttribute()
 #define QTVideoRendererWebKitOnlyNewImageAvailableNotification getQTVideoRendererWebKitOnlyNewImageAvailableNotification()
 #define QTMovieApertureModeClean getQTMovieApertureModeClean()
 #define QTMovieApertureModeAttribute getQTMovieApertureModeAttribute()
@@ -234,7 +239,9 @@ NSMutableDictionary *MediaPlayerPrivateQTKit::commonMovieAttributes()
     NSMutableDictionary *movieAttributes = [NSMutableDictionary dictionaryWithObjectsAndKeys:
             [NSNumber numberWithBool:m_player->preservesPitch()], QTMovieRateChangesPreservePitchAttribute,
             [NSNumber numberWithBool:YES], QTMoviePreventExternalURLLinksAttribute,
-            [NSNumber numberWithBool:YES], QTSecurityPolicyNoCrossSiteAttribute,
+            [NSNumber numberWithBool:NO], QTSecurityPolicyNoCrossSiteAttribute,
+            [NSNumber numberWithBool:YES], QTSecurityPolicyNoRemoteToLocalSiteAttribute,
+            [NSNumber numberWithBool:YES], QTSecurityPolicyNoLocalToRemoteSiteAttribute,
             [NSNumber numberWithBool:NO], QTMovieAskUnresolvedDataRefsAttribute,
             [NSNumber numberWithBool:NO], QTMovieLoopsAttribute,
             [NSNumber numberWithBool:!m_privateBrowsing], @"QTMovieAllowPersistentCacheAttribute",
@@ -1627,9 +1634,12 @@ void MediaPlayerPrivateQTKit::acceleratedRenderingStateChanged()
 
 bool MediaPlayerPrivateQTKit::hasSingleSecurityOrigin() const
 {
-    // We tell quicktime to disallow resources that come from different origins
-    // so we know all media is single origin.
-    return true;
+    if (!m_qtMovie)
+        return false;
+
+    RefPtr<SecurityOrigin> resolvedOrigin = SecurityOrigin::create(KURL(wkQTMovieResolvedURL(m_qtMovie.get())));
+    RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::createFromString(m_movieURL);
+    return resolvedOrigin->isSameSchemeHostPort(requestedOrigin.get());
 }
 
 MediaPlayer::MovieLoadType MediaPlayerPrivateQTKit::movieLoadType() const
index e2b58ca..69a4205 100644 (file)
@@ -67,6 +67,7 @@ typedef struct _NSRect NSRect;
 #endif
 
 #ifdef __OBJC__
+@class AVAsset;
 @class NSArray;
 @class NSButtonCell;
 @class NSData;
@@ -87,6 +88,7 @@ typedef struct _NSRect NSRect;
 @class QTMovie;
 @class QTMovieView;
 #else
+class AVAsset;
 class NSArray;
 class NSButtonCell;
 class NSData;
@@ -159,6 +161,7 @@ extern NSString *(*wkQTMovieMaxTimeLoadedChangeNotification)(void);
 extern float (*wkQTMovieMaxTimeSeekable)(QTMovie*);
 extern int (*wkQTMovieGetType)(QTMovie*);
 extern BOOL (*wkQTMovieHasClosedCaptions)(QTMovie*);
+extern NSURL *(*wkQTMovieResolvedURL)(QTMovie*);
 extern void (*wkQTMovieSetShowClosedCaptions)(QTMovie*, BOOL);
 extern void (*wkQTMovieSelectPreferredAlternates)(QTMovie*);
 extern void (*wkQTMovieViewSetDrawSynchronously)(QTMovieView*, BOOL);
@@ -263,6 +266,8 @@ extern bool (*wkScrollbarPainterUsesOverlayScrollers)(void);
 extern bool (*wkExecutableWasLinkedOnOrBeforeSnowLeopard)(void);
 
 extern CFStringRef (*wkCopyDefaultSearchProviderDisplayName)(void);
+
+extern NSURL *(*wkAVAssetResolvedURL)(AVAsset*);
 #endif
 
 extern void (*wkUnregisterUniqueIdForElement)(id element);
@@ -292,7 +297,6 @@ extern CFURLRef (*wkGetCFURLResponseURL)(CFURLResponseRef);
 extern CFHTTPMessageRef (*wkGetCFURLResponseHTTPResponse)(CFURLResponseRef);
 extern CFStringRef (*wkCopyCFURLResponseSuggestedFilename)(CFURLResponseRef);
 extern void (*wkSetCFURLResponseMIMEType)(CFURLResponseRef, CFStringRef mimeType);
-
 }
 
 #endif
index b627a06..e18d17d 100644 (file)
@@ -64,6 +64,7 @@ NSString *(*wkQTMovieMaxTimeLoadedChangeNotification)(void);
 float (*wkQTMovieMaxTimeSeekable)(QTMovie*);
 int (*wkQTMovieGetType)(QTMovie*);
 BOOL (*wkQTMovieHasClosedCaptions)(QTMovie*);
+NSURL *(*wkQTMovieResolvedURL)(QTMovie*);
 void (*wkQTMovieSetShowClosedCaptions)(QTMovie*, BOOL);
 void (*wkQTMovieSelectPreferredAlternates)(QTMovie*);
 void (*wkQTMovieViewSetDrawSynchronously)(QTMovieView*, BOOL);
@@ -159,6 +160,8 @@ bool (*wkScrollbarPainterUsesOverlayScrollers)(void);
 bool (*wkExecutableWasLinkedOnOrBeforeSnowLeopard)(void);
 
 CFStringRef (*wkCopyDefaultSearchProviderDisplayName)(void);
+
+NSURL *(*wkAVAssetResolvedURL)(AVAsset*);
 #endif
 
 void (*wkUnregisterUniqueIdForElement)(id element);
index 234668c..d0247ed 100644 (file)
@@ -1,3 +1,14 @@
+2011-05-24  Jer Noble  <jer.noble@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Video fails to play on Vimeo
+        https://bugs.webkit.org/show_bug.cgi?id=61403
+
+        * WebCoreSupport/WebSystemInterface.mm:
+        (InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
+            wkQTMovieResolvedURL.
+
 2011-05-24  Keishi Hattori  <keishi@webkit.org>
 
         Reviewed by Kent Tamura.
index 8efcc41..142defd 100644 (file)
@@ -96,6 +96,7 @@ void InitWebCoreSystemInterface(void)
     INIT(QTMovieMaxTimeSeekable);
     INIT(QTMovieGetType);
     INIT(QTMovieHasClosedCaptions);
+    INIT(QTMovieResolvedURL);
     INIT(QTMovieSetShowClosedCaptions);
     INIT(QTMovieSelectPreferredAlternates);
     INIT(QTMovieViewSetDrawSynchronously);
@@ -153,6 +154,7 @@ void InitWebCoreSystemInterface(void)
     INIT(ScrollbarPainterUsesOverlayScrollers);
     INIT(ExecutableWasLinkedOnOrBeforeSnowLeopard);
     INIT(CopyDefaultSearchProviderDisplayName);
+    INIT(AVAssetResolvedURL);
 #endif
 
     INIT(GetAXTextMarkerTypeID);
index 30ec516..bfdce9b 100644 (file)
@@ -1,3 +1,14 @@
+2011-05-24  Jer Noble  <jer.noble@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Video fails to play on Vimeo
+        https://bugs.webkit.org/show_bug.cgi?id=61403
+
+        * WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:
+        (InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
+            wkQTMovieResolvedURL.
+
 2011-05-25  Jon Honeycutt  <jhoneycutt@apple.com>
 
         REGRESSION (WebKit2): Crash in Flash on USA Today photo gallery
index ce7d269..8674d6e 100644 (file)
@@ -76,6 +76,7 @@ void InitWebCoreSystemInterface(void)
         INIT(QTMovieMaxTimeLoaded);
         INIT(QTMovieMaxTimeLoadedChangeNotification);
         INIT(QTMovieMaxTimeSeekable);
+        INIT(QTMovieResolvedURL);
         INIT(QTMovieSelectPreferredAlternates);
         INIT(QTMovieSetShowClosedCaptions);
         INIT(QTMovieViewSetDrawSynchronously);
@@ -147,6 +148,7 @@ void InitWebCoreSystemInterface(void)
         INIT(ScrollbarPainterUsesOverlayScrollers);
         INIT(ExecutableWasLinkedOnOrBeforeSnowLeopard);
         INIT(CopyDefaultSearchProviderDisplayName);
+        INIT(AVAssetResolvedURL);
 #else
         INIT(GetHyphenationLocationBeforeIndex);
         INIT(GetNSEventMomentumPhase);
index 5752802..ace3c0d 100644 (file)
@@ -1,3 +1,18 @@
+2011-05-25  Jer Noble  <jer.noble@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Video fails to play on Vimeo
+        https://bugs.webkit.org/show_bug.cgi?id=61403
+
+        Added functions to retrieve the resolved URL for media types supported on 
+        mac.
+
+        * WebKitSystemInterface.h:
+        * WebKitSystemInterface.m:
+        (WKAVAssetResolvedURL): Added.
+        (WKQTMovieResolvedURL): Added.
+
 2011-05-24  Keishi Hattori  <keishi@webkit.org>
 
         Reviewed by Kent Tamura.
index a213c26..ce460e1 100644 (file)
@@ -10,6 +10,7 @@
 
 @class QTMovie;
 @class QTMovieView;
+@class AVAsset;
 
 #ifdef __cplusplus
 extern "C" {
@@ -206,6 +207,7 @@ float WKQTMovieMaxTimeSeekable(QTMovie* movie);
 NSString *WKQTMovieMaxTimeLoadedChangeNotification(void);
 void WKQTMovieViewSetDrawSynchronously(QTMovieView* view, BOOL sync);
 void WKQTMovieDisableComponent(uint32_t[5]);
+NSURL *WKQTMovieResolvedURL(QTMovie* movie);
 
 CFStringRef WKCopyFoundationCacheDirectory(void);
 
@@ -454,6 +456,7 @@ NSRange WKExtractWordDefinitionTokenRangeFromContextualString(NSString *contextS
 void WKShowWordDefinitionWindow(NSAttributedString *term, NSPoint screenPoint, NSDictionary *options);
 void WKHideWordDefinitionWindow(void);
 
+NSURL* WKAVAssetResolvedURL(AVAsset*);
 #endif
 
 #ifdef __cplusplus
index df6c6b8..43b6043 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceLeopard.a and b/WebKitLibraries/libWebKitSystemInterfaceLeopard.a differ
index af9e931..845ca54 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a and b/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a differ