Diff
Modified: trunk/LayoutTests/ChangeLog (202578 => 202579)
--- trunk/LayoutTests/ChangeLog 2016-06-28 18:20:42 UTC (rev 202578)
+++ trunk/LayoutTests/ChangeLog 2016-06-28 18:25:27 UTC (rev 202579)
@@ -1,3 +1,16 @@
+2016-06-28 Jer Noble <jer.no...@apple.com>
+
+ Cross-domain video loads do not prompt for authorization.
+ https://bugs.webkit.org/show_bug.cgi?id=159195
+ <rdar://problem/26234612>
+
+ Reviewed by Brent Fulgham.
+
+ Add a cross-origin authorization sub-test.
+
+ * http/tests/media/video-auth.html:
+ * http/tests/media/video-auth-expected.txt:
+
2016-06-28 Ryan Haddad <ryanhad...@apple.com>
Marking fast/multicol/fixed-stack.html as failing on ios-simulator
Modified: trunk/LayoutTests/http/tests/media/video-auth-expected.txt (202578 => 202579)
--- trunk/LayoutTests/http/tests/media/video-auth-expected.txt 2016-06-28 18:20:42 UTC (rev 202578)
+++ trunk/LayoutTests/http/tests/media/video-auth-expected.txt 2016-06-28 18:25:27 UTC (rev 202579)
@@ -1,6 +1,10 @@
http://127.0.0.1:8000/media/resources/video-auth.php?name=test.mp4&type=video/mp4 - didReceiveAuthenticationChallenge - Responding with username:password
+http://localhost:8000/media/resources/video-auth.php?name=test.mp4&type=video/mp4 - didReceiveAuthenticationChallenge - Responding with username:password
-Tests that the media player sends authorization credentials when requesting a media file.
+Tests that the media player sends authorization credentials when requesting a media file.
+Testing same domain (127.0.0.1)
EVENT(canplay)
+Testing cross domain (localhost)
+EVENT(canplay)
END OF TEST
Modified: trunk/LayoutTests/http/tests/media/video-auth.html (202578 => 202579)
--- trunk/LayoutTests/http/tests/media/video-auth.html 2016-06-28 18:20:42 UTC (rev 202578)
+++ trunk/LayoutTests/http/tests/media/video-auth.html 2016-06-28 18:25:27 UTC (rev 202579)
@@ -10,35 +10,51 @@
testRunner.setAuthenticationPassword("password");
}
- function loadMediaFrame()
+ var tests;
+ var media = findMediaFile('video', 'test');
+ var type = mimeTypeForExtension(media.split('.').pop());
+
+ function startTests()
{
findMediaElement();
+ waitForEventAndFail('error');
+ waitForEvent('canplay', runNextTest);
- var movie = findMediaFile('video', 'test');
- var type = mimeTypeForExtension(movie.split('.').pop());
- var frame = document.createElement('iframe');
- frame.width = 0;
- frame.height = 0;
- frame.addEventListener('load', function () {
- source = document.getElementById('source');
- source.src = '' + movie + '&type=' + type;
- source.type = type;
-
- waitForEventAndFail('error');
- waitForEventAndEnd('canplay');
- video.load();
- });
-
- frame.src = ""
- document.body.appendChild(frame);
+ tests = [
+ testSameDomain,
+ testCrossDomain,
+ ];
+
+ runNextTest();
}
+
+ function runNextTest()
+ {
+ var test = tests.shift();
+ if (test)
+ test();
+ else
+ endTest();
+ }
+
+ function testSameDomain()
+ {
+ consoleWrite('Testing same domain (127.0.0.1)');
+ video.src = '' + media + '&type=' + type;
+ video.load();
+ }
+
+ function testCrossDomain()
+ {
+ consoleWrite('Testing cross domain (localhost)');
+ video.src = '' + media + '&type=' + type;
+ video.load();
+ }
</script>
</head>
- <body _onload_="loadMediaFrame()">
- <video id="video">
- <source id="source">
- </video>
+ <body _onload_="startTests()">
+ <video></video>
<br>
Tests that the media player sends authorization credentials when requesting a media file.
</body>
Modified: trunk/Source/WebCore/ChangeLog (202578 => 202579)
--- trunk/Source/WebCore/ChangeLog 2016-06-28 18:20:42 UTC (rev 202578)
+++ trunk/Source/WebCore/ChangeLog 2016-06-28 18:25:27 UTC (rev 202579)
@@ -1,3 +1,19 @@
+2016-06-27 Jer Noble <jer.no...@apple.com>
+
+ Cross-domain video loads do not prompt for authorization.
+ https://bugs.webkit.org/show_bug.cgi?id=159195
+ <rdar://problem/26234612>
+
+ Reviewed by Brent Fulgham.
+
+ Test: http/tests/media/video-auth.html (modified)
+
+ We should prompt for authorization when a cross-origin <video> is embedded
+ in a web page.
+
+ * loader/MediaResourceLoader.cpp:
+ (WebCore::MediaResourceLoader::requestResource):
+
2016-06-28 Ryosuke Niwa <rn...@webkit.org>
REGRESSION(r201471): FormClient.textFieldDidEndEditing is no longer called when a text field is removed
Modified: trunk/Source/WebCore/loader/MediaResourceLoader.cpp (202578 => 202579)
--- trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2016-06-28 18:20:42 UTC (rev 202578)
+++ trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2016-06-28 18:25:27 UTC (rev 202579)
@@ -78,7 +78,7 @@
// FIXME: Skip Content Security Policy check if the element that inititated this request
// is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
- CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
+ CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, AskClientForAllCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
if (!m_crossOriginMode.isNull())
updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), m_document->securityOrigin(), allowCredentials);