Diff
Modified: trunk/LayoutTests/ChangeLog (208248 => 208249)
--- trunk/LayoutTests/ChangeLog 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/LayoutTests/ChangeLog 2016-11-01 22:00:23 UTC (rev 208249)
@@ -1,3 +1,24 @@
+2016-11-01 Eric Carlson <eric.carl...@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ * http/tests/ssl/media-stream: Added.
+ * http/tests/ssl/media-stream/get-user-media-different-host-expected.txt: Added.
+ * http/tests/ssl/media-stream/get-user-media-different-host.html: Added.
+ * http/tests/ssl/media-stream/get-user-media-nested-expected.txt: Added.
+ * http/tests/ssl/media-stream/get-user-media-nested.html: Added.
+ * http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt: Added.
+ * http/tests/ssl/media-stream/get-user-media-secure-connection.html: Added.
+ * http/tests/ssl/media-stream/resources: Added.
+ * http/tests/ssl/media-stream/resources/get-user-media-frame.html: Added.
+ * http/tests/ssl/media-stream/resources/get-user-media.js: Added.
+ (else.createURL):
+ (createURL):
+
2016-11-01 Devin Rousso <dcrousso+web...@gmail.com>
Web Inspector: Replace sublists inside DOM-related model objects with WI.Collection
Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,18 @@
+CONSOLE MESSAGE: line 52: Trying to call getUserMedia from a document with a different security origin than its top-level frame.
+Tests that getUserMedia fails when the top level document and iframe do not have the same domain.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+URL: https://127.0.0.1:8443/ssl/media-stream/get-user-media-different-host.html
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;1
+
+PASS getUserMedia failed with error: "NotAllowedError (DOM Exception 35): The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission."
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host.html 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,23 @@
+<!DOCTYPE HTML>
+<html>
+ <head>
+ <script src=""
+ <script src=""
+ <script>
+
+ let testInfo = {
+ shouldSucceed : false,
+ depth: 1,
+ mainFrame : { protocol : "https:", host: "127.0.0.1", port: 8443 },
+ iFrame : { protocol : "https:", host: "localhost", port: 8443, pathname: "/ssl/media-stream/resources/get-user-media-frame.html" }
+ };
+
+ description("Tests that getUserMedia fails when the top level document and iframe do not have the same domain.");
+
+ </script>
+ </head>
+ <body>
+ <div id="console"></div>
+ <script src=""
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,30 @@
+CONSOLE MESSAGE: line 52: Trying to call getUserMedia from a document with a different security origin than its top-level frame.
+Tests that getUserMedia fails when the top level document and iframe do not have the same domain.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+URL: https://127.0.0.1:8443/ssl/media-stream/get-user-media-nested.html
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;3
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;2
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->/<!--frame0-->-->'
+--------
+URL: https://localhost:8443/ssl/media-stream/resources/get-user-media-frame.html?fail;1
+
+PASS getUserMedia failed with error: "NotAllowedError (DOM Exception 35): The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission."
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested.html 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML>
+<html>
+ <head>
+ <style>
+ iframe { border: 1px solid black; width: 400px; height: 400px;}
+ </style>
+ <script src=""
+ <script src=""
+ <script>
+
+ let testInfo = {
+ shouldSucceed : false,
+ depth: 3,
+ mainFrame : { protocol : "https:", host: "127.0.0.1", port: 8443 },
+ iFrame : { protocol : "https:", host: "localhost", port: 8443, pathname: "/ssl/media-stream/resources/get-user-media-frame.html" }
+ };
+
+ description("Tests that getUserMedia fails when the top level document and iframe do not have the same domain.");
+
+ </script>
+ </head>
+ <body>
+ <div id="console"></div>
+ <script src=""
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection-expected.txt 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,17 @@
+Tests that getUserMedia is allowed when the top level document and iframe have the same origin and are both on a secure connection.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+URL: https://127.0.0.1:8443/ssl/media-stream/get-user-media-secure-connection.html
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+URL: https://127.0.0.1:8443/ssl/media-stream/resources/get-user-media-frame.html?succeed;1
+
+PASS getUserMedia succeeded
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-secure-connection.html 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML>
+<html>
+ <head>
+ <script src=""
+ <script src=""
+ <script>
+
+ let testInfo = {
+ shouldSucceed : true,
+ depth: 1,
+ mainFrame : { protocol : "https:", host: "127.0.0.1", port: 8443 },
+ iFrame : { protocol : "https:", host: "127.0.0.1", port: 8443, pathname: "/ssl/media-stream/resources/get-user-media-frame.html" }
+ };
+
+ description("Tests that getUserMedia is allowed when the top level document and iframe have the same origin and are both on a secure connection.");
+
+ </script>
+ </head>
+ <body>
+ <div id="console"></div>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media-frame.html 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,58 @@
+<!DOCTYPE HTML>
+<html>
+ <body>
+ <div id="console">
+
+ <script>
+
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpChildFramesAsText(true);
+ }
+
+ const params = new URL(window.location.href).search.substr(1).split(';');
+ const fail = (msg) => { return `<span><span class="fail">FAIL</span> ${msg}</span>` }
+ const success = (msg) => { return `<span><span class="fail">PASS</span> ${msg}</span>` }
+ const debug = (msg) => {
+ let span = document.createElement("span");
+ span.innerHTML = msg + '<br>';
+ document.getElementById("console").appendChild(span);
+ }
+
+ const mode = params[0];
+ function finish(error, stream)
+ {
+ if (mode === "succeed") {
+ if (stream)
+ debug(success("getUserMedia succeeded"));
+ else
+ debug(fail(`getUserMedia should have succeeded but failed with error "${error}"`));
+ } else {
+ if (error)
+ debug(success(`getUserMedia failed with error: "${error}"`));
+ else
+ debug(fail(`getUserMedia should have succeeded, but failed with error "${error}"`));
+ }
+
+ debug('<br><span class="pass">TEST COMPLETE</span>');
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+
+ debug(`URL: ${window.location.href}`);
+
+ const depth = params[1];
+ if (depth > 1) {
+ let iframe = document.createElement("iframe");
+ let url = ""
+ iframe.src = "" - 1}`;
+ document.body.appendChild(iframe);
+ } else {
+ debug("");
+ navigator.mediaDevices.getUserMedia({audio:true})
+ .then(stream => { finish(null, stream); })
+ .catch(err => { finish(err, null); });
+ }
+ </script>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js (0 => 208249)
--- trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/media-stream/resources/get-user-media.js 2016-11-01 22:00:23 UTC (rev 208249)
@@ -0,0 +1,30 @@
+
+ window.jsTestIsAsync = true;
+
+ window.addEventListener("load", () => {
+
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.setUserMediaPermission(true);
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText(true);
+ }
+ if (window.internals)
+ internals.settings.setMediaCaptureRequiresSecureConnection(true);
+
+ if (location.protocol != testInfo.mainFrame.protocol)
+ window.location = createURL(new URL(window.location.href).pathname, testInfo.mainFrame);
+ else {
+ debug(`URL: ${window.location.href}`);
+ let iframe = document.createElement("iframe");
+ let search = testInfo.shouldSucceed ? "succeed" : "fail"
+ iframe.src = "" testInfo.iFrame)}?${search};${testInfo.depth}`;
+ document.body.appendChild(iframe);
+ }
+ });
+
+ function createURL(pathName, info)
+ {
+ let port = info.port != 0 ? `:${info.port}` : '';
+ return `${info.protocol}//${info.host}${port}${pathName}`;
+ }
\ No newline at end of file
Modified: trunk/LayoutTests/platform/mac-wk1/TestExpectations (208248 => 208249)
--- trunk/LayoutTests/platform/mac-wk1/TestExpectations 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/LayoutTests/platform/mac-wk1/TestExpectations 2016-11-01 22:00:23 UTC (rev 208249)
@@ -91,6 +91,7 @@
# Media Stream API testing is not supported for WK1 yet.
fast/mediastream
http/tests/media/media-stream
+http/tests/ssl/media-stream
# Disable snapshotting tests on WK1 only
plugins/snapshotting
Modified: trunk/Source/WebCore/ChangeLog (208248 => 208249)
--- trunk/Source/WebCore/ChangeLog 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/ChangeLog 2016-11-01 22:00:23 UTC (rev 208249)
@@ -1,3 +1,36 @@
+2016-11-01 Eric Carlson <eric.carl...@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ Tests: http/tests/ssl/media-stream/get-user-media-different-host.html
+ http/tests/ssl/media-stream/get-user-media-nested.html
+ http/tests/ssl/media-stream/get-user-media-secure-connection.html
+
+ * Modules/mediastream/UserMediaRequest.cpp:
+ (WebCore::isSecure): New.
+ (WebCore::canCallGetUserMedia): New.
+ (WebCore::UserMediaRequest::start): When the setting says the require secure a secure connection,
+ fail immediately if the page or one of its ancestors is not secure.
+
+ * page/Settings.cpp:
+ (WebCore::Settings::mediaCaptureRequiresSecureConnection): New.
+ (WebCore::Settings::setMediaCaptureRequiresSecureConnection): New.
+ * page/Settings.h:
+
+ * testing/InternalSettings.cpp:
+ (WebCore::InternalSettings::InternalSettings): Do not require a secure connection for media
+ capture during tests.
+ (WebCore::InternalSettings::resetToConsistentState):
+ (WebCore::InternalSettings::setMediaCaptureRequiresSecureConnection):
+ * testing/InternalSettings.h:
+ * testing/InternalSettings.idl:
+ * testing/Internals.cpp:
+ (WebCore::Internals::Internals):
+
2016-11-01 Gavin Barraclough <barraclo...@apple.com>
Port Page timer throttling to use ActivityState instead of PageThrottler
Modified: trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp (208248 => 208249)
--- trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -38,6 +38,7 @@
#include "UserMediaRequest.h"
#include "Document.h"
+#include "DocumentLoader.h"
#include "ExceptionCode.h"
#include "Frame.h"
#include "JSMediaStream.h"
@@ -48,6 +49,7 @@
#include "OverconstrainedError.h"
#include "RealtimeMediaSourceCenter.h"
#include "SecurityOrigin.h"
+#include "Settings.h"
#include "UserMediaController.h"
#include <wtf/MainThread.h>
@@ -99,12 +101,70 @@
return m_scriptExecutionContext->topOrigin();
}
+static bool isSecure(DocumentLoader& documentLoader)
+{
+ if (!documentLoader.response().url().protocolIs("https"))
+ return false;
+
+ if (!documentLoader.response().certificateInfo() || documentLoader.response().certificateInfo()->containsNonRootSHA1SignedCertificate())
+ return false;
+
+ return true;
+}
+
+static bool canCallGetUserMedia(Document& document, String& errorMessage)
+{
+ bool requiresSecureConnection = document.frame()->settings().mediaCaptureRequiresSecureConnection();
+ if (requiresSecureConnection && !isSecure(*document.loader())) {
+ errorMessage = "Trying to call getUserMedia from an insecure document.";
+ return false;
+ }
+
+ auto& topDocument = document.topDocument();
+ if (&document != &topDocument) {
+ auto& topOrigin = *topDocument.topOrigin();
+
+ if (!document.securityOrigin()->isSameSchemeHostPort(&topOrigin)) {
+ errorMessage = "Trying to call getUserMedia from a document with a different security origin than its top-level frame.";
+ return false;
+ }
+
+ for (auto* ancestorDocument = document.parentDocument(); ancestorDocument != &topDocument; ancestorDocument = ancestorDocument->parentDocument()) {
+ if (requiresSecureConnection && !isSecure(*ancestorDocument->loader())) {
+ errorMessage = "Trying to call getUserMedia from a document with an insecure parent frame.";
+ return false;
+ }
+
+ if (!ancestorDocument->securityOrigin()->isSameSchemeHostPort(&topOrigin)) {
+ errorMessage = "Trying to call getUserMedia from a document with a different security origin than its top-level frame.";
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
void UserMediaRequest::start()
{
- if (m_controller)
- m_controller->requestUserMediaAccess(*this);
- else
+ if (!m_scriptExecutionContext || !m_controller) {
deny(MediaAccessDenialReason::OtherFailure, emptyString());
+ return;
+ }
+
+ Document& document = downcast<Document>(*m_scriptExecutionContext);
+ DOMWindow& window = *document.domWindow();
+
+ // 10.2 - 6.3 Optionally, e.g., based on a previously-established user preference, for security reasons,
+ // or due to platform limitations, jump to the step labeled Permission Failure below.
+ String errorMessage;
+ if (!canCallGetUserMedia(document, errorMessage)) {
+ deny(MediaAccessDenialReason::PermissionDenied, emptyString());
+ window.printErrorMessage(errorMessage);
+ return;
+ }
+
+ m_controller->requestUserMediaAccess(*this);
}
void UserMediaRequest::allow(const String& audioDeviceUID, const String& videoDeviceUID)
Modified: trunk/Source/WebCore/page/Settings.cpp (208248 => 208249)
--- trunk/Source/WebCore/page/Settings.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/page/Settings.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -90,6 +90,7 @@
#if ENABLE(MEDIA_STREAM)
bool Settings::gMockCaptureDevicesEnabled = false;
+bool Settings::gMediaCaptureRequiresSecureConnection = true;
#endif
#if PLATFORM(WIN)
@@ -594,6 +595,16 @@
gMockCaptureDevicesEnabled = enabled;
MockRealtimeMediaSourceCenter::setMockRealtimeMediaSourceCenterEnabled(enabled);
}
+
+bool Settings::mediaCaptureRequiresSecureConnection() const
+{
+ return gMediaCaptureRequiresSecureConnection;
+}
+
+void Settings::setMediaCaptureRequiresSecureConnection(bool mediaCaptureRequiresSecureConnection)
+{
+ gMediaCaptureRequiresSecureConnection = mediaCaptureRequiresSecureConnection;
+}
#endif
void Settings::setScrollingPerformanceLoggingEnabled(bool enabled)
Modified: trunk/Source/WebCore/page/Settings.h (208248 => 208249)
--- trunk/Source/WebCore/page/Settings.h 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/page/Settings.h 2016-11-01 22:00:23 UTC (rev 208249)
@@ -293,6 +293,9 @@
static bool mockCaptureDevicesEnabled();
WEBCORE_EXPORT static void setMockCaptureDevicesEnabled(bool);
+
+ bool mediaCaptureRequiresSecureConnection() const;
+ WEBCORE_EXPORT static void setMediaCaptureRequiresSecureConnection(bool);
#endif
#if ENABLE(APPLE_PAY)
@@ -393,6 +396,7 @@
#if ENABLE(MEDIA_STREAM)
String m_mediaDeviceIdentifierStorageDirectory;
static bool gMockCaptureDevicesEnabled;
+ static bool gMediaCaptureRequiresSecureConnection;
#endif
#if ENABLE(APPLE_PAY)
Modified: trunk/Source/WebCore/testing/InternalSettings.cpp (208248 => 208249)
--- trunk/Source/WebCore/testing/InternalSettings.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/InternalSettings.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -220,6 +220,9 @@
#if ENABLE(WIRELESS_PLAYBACK_TARGET)
setAllowsAirPlayForMediaPlayback(false);
#endif
+#if ENABLE(MEDIA_STREAM)
+ setMediaCaptureRequiresSecureConnection(false);
+#endif
}
Ref<InternalSettings> InternalSettings::create(Page* page)
@@ -237,6 +240,9 @@
#if ENABLE(WIRELESS_PLAYBACK_TARGET)
settings().setAllowsAirPlayForMediaPlayback(false);
#endif
+#if ENABLE(MEDIA_STREAM)
+ setMediaCaptureRequiresSecureConnection(false);
+#endif
m_backup.restoreTo(settings());
m_backup = Backup { settings() };
@@ -399,6 +405,18 @@
return { };
}
+ExceptionOr<void> InternalSettings::setMediaCaptureRequiresSecureConnection(bool requires)
+{
+ if (!m_page)
+ return Exception { INVALID_ACCESS_ERR };
+#if ENABLE(MEDIA_STREAM)
+ settings().setMediaCaptureRequiresSecureConnection(requires);
+#else
+ UNUSED_PARAM(requires);
+#endif
+ return { };
+}
+
ExceptionOr<void> InternalSettings::setEditingBehavior(const String& editingBehavior)
{
if (!m_page)
Modified: trunk/Source/WebCore/testing/InternalSettings.h (208248 => 208249)
--- trunk/Source/WebCore/testing/InternalSettings.h 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/InternalSettings.h 2016-11-01 22:00:23 UTC (rev 208249)
@@ -65,6 +65,8 @@
ExceptionOr<void> setMediaTypeOverride(const String&);
ExceptionOr<void> setCanStartMedia(bool);
ExceptionOr<void> setAllowsAirPlayForMediaPlayback(bool);
+ ExceptionOr<void> setMediaCaptureRequiresSecureConnection(bool);
+
ExceptionOr<void> setEditingBehavior(const String&);
ExceptionOr<void> setPreferMIMETypeForImages(bool);
ExceptionOr<void> setPDFImageCachingPolicy(const String&);
Modified: trunk/Source/WebCore/testing/InternalSettings.idl (208248 => 208249)
--- trunk/Source/WebCore/testing/InternalSettings.idl 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/InternalSettings.idl 2016-11-01 22:00:23 UTC (rev 208249)
@@ -55,6 +55,7 @@
[MayThrowException] void setTimeWithoutMouseMovementBeforeHidingControls(unrestricted double time);
[MayThrowException] void setMediaTypeOverride(DOMString mediaTypeOverride);
void setAllowsAirPlayForMediaPlayback(boolean available);
+ [Conditional=MEDIA_STREAM, MayThrowException] void setMediaCaptureRequiresSecureConnection(boolean enable);
[MayThrowException] void setForcePendingWebGLPolicy(boolean forced);
Modified: trunk/Source/WebCore/testing/Internals.cpp (208248 => 208249)
--- trunk/Source/WebCore/testing/Internals.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebCore/testing/Internals.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -426,6 +426,7 @@
#if ENABLE(MEDIA_STREAM)
setMockMediaCaptureDevicesEnabled(true);
+ WebCore::Settings::setMediaCaptureRequiresSecureConnection(false);
#endif
#if ENABLE(WEB_RTC)
Modified: trunk/Source/WebKit/mac/ChangeLog (208248 => 208249)
--- trunk/Source/WebKit/mac/ChangeLog 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/ChangeLog 2016-11-01 22:00:23 UTC (rev 208249)
@@ -1,3 +1,21 @@
+2016-11-01 Eric Carlson <eric.carl...@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ * WebView/WebPreferenceKeysPrivate.h:
+ * WebView/WebPreferences.mm:
+ (+[WebPreferences initialize]): Initialize WebKitMediaCaptureRequiresSecureConnectionPreferenceKey.
+ (-[WebPreferences mediaCaptureRequiresSecureConnection]): New.
+ (-[WebPreferences setMediaCaptureRequiresSecureConnection:]): New.
+ * WebView/WebPreferencesPrivate.h:
+
+ * WebView/WebView.mm:
+ (-[WebView _preferencesChanged:]): Sync mediaCaptureRequiresSecureConnection.
+
2016-10-29 Filip Pizlo <fpi...@apple.com>
JSC should support SharedArrayBuffer
Modified: trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h (208248 => 208249)
--- trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h 2016-11-01 22:00:23 UTC (rev 208249)
@@ -211,6 +211,7 @@
#define WebKitEnableInheritURIQueryComponentPreferenceKey @"WebKitEnableInheritURIQueryComponent"
#define WebKitMediaDataLoadsAutomaticallyPreferenceKey @"WebKitMediaDataLoadsAutomatically"
#define WebKitMockCaptureDevicesEnabledPreferenceKey @"WebKitMockCaptureDevicesEnabled"
+#define WebKitMediaCaptureRequiresSecureConnectionPreferenceKey @"WebKitMediaCaptureRequiresSecureConnection"
#define WebKitAttachmentElementEnabledPreferenceKey @"WebKitAttachmentElementEnabled"
Modified: trunk/Source/WebKit/mac/WebView/WebPreferences.mm (208248 => 208249)
--- trunk/Source/WebKit/mac/WebView/WebPreferences.mm 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebPreferences.mm 2016-11-01 22:00:23 UTC (rev 208249)
@@ -606,6 +606,7 @@
#endif
#if ENABLE(MEDIA_STREAM)
[NSNumber numberWithBool:NO], WebKitMockCaptureDevicesEnabledPreferenceKey,
+ [NSNumber numberWithBool:YES], WebKitMediaCaptureRequiresSecureConnectionPreferenceKey,
#endif
[NSNumber numberWithBool:YES], WebKitShadowDOMEnabledPreferenceKey,
#if ENABLE(CUSTOM_ELEMENTS)
@@ -2707,6 +2708,16 @@
[self _setBoolValue:flag forKey:WebKitMockCaptureDevicesEnabledPreferenceKey];
}
+- (BOOL)mediaCaptureRequiresSecureConnection
+{
+ return [self _boolValueForKey:WebKitMediaCaptureRequiresSecureConnectionPreferenceKey];
+}
+
+- (void)setMediaCaptureRequiresSecureConnection:(BOOL)flag
+{
+ [self _setBoolValue:flag forKey:WebKitMediaCaptureRequiresSecureConnectionPreferenceKey];
+}
+
- (BOOL)shadowDOMEnabled
{
return [self _boolValueForKey:WebKitShadowDOMEnabledPreferenceKey];
Modified: trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h (208248 => 208249)
--- trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h 2016-11-01 22:00:23 UTC (rev 208249)
@@ -476,6 +476,9 @@
- (void)setMockCaptureDevicesEnabled:(BOOL)flag;
- (BOOL)mockCaptureDevicesEnabled;
+- (void)setMediaCaptureRequiresSecureConnection:(BOOL)flag;
+- (BOOL)mediaCaptureRequiresSecureConnection;
+
- (void)setShadowDOMEnabled:(BOOL)flag;
- (BOOL)shadowDOMEnabled;
Modified: trunk/Source/WebKit/mac/WebView/WebView.mm (208248 => 208249)
--- trunk/Source/WebKit/mac/WebView/WebView.mm 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit/mac/WebView/WebView.mm 2016-11-01 22:00:23 UTC (rev 208249)
@@ -2513,6 +2513,7 @@
#if ENABLE(MEDIA_STREAM)
settings.setMockCaptureDevicesEnabled([preferences mockCaptureDevicesEnabled]);
+ settings.setMediaCaptureRequiresSecureConnection([preferences mediaCaptureRequiresSecureConnection]);
#endif
#if ENABLE(WEB_AUDIO)
Modified: trunk/Source/WebKit2/ChangeLog (208248 => 208249)
--- trunk/Source/WebKit2/ChangeLog 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/ChangeLog 2016-11-01 22:00:23 UTC (rev 208249)
@@ -1,3 +1,25 @@
+2016-11-01 Eric Carlson <eric.carl...@apple.com>
+
+ [MediaStream] restrict media capture secure connections
+ https://bugs.webkit.org/show_bug.cgi?id=164234
+ <rdar://problem/28944906>
+
+ Reviewed by Alex Christensen.
+
+ * Shared/WebPreferencesDefinitions.h:
+
+ * UIProcess/API/C/WKPreferences.cpp:
+ (WKPreferencesSetMediaCaptureRequiresSecureConnection):
+ (WKPreferencesGetMediaCaptureRequiresSecureConnection):
+ * UIProcess/API/C/WKPreferencesRefPrivate.h:
+
+ * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+ (WebKit::UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame): Drive by
+ fix: remove some unused parameters in a lambda call.
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::updatePreferences):
+
2016-11-01 Gavin Barraclough <barraclo...@apple.com>
Add IsAudible, IsLoading to ActivityState
Modified: trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h (208248 => 208249)
--- trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h 2016-11-01 22:00:23 UTC (rev 208249)
@@ -224,6 +224,7 @@
macro(NewCSSParserEnabled, newCSSParserEnabled, Bool, bool, false, "", "") \
macro(HTTPEquivEnabled, httpEquivEnabled, Bool, bool, true, "", "") \
macro(MockCaptureDevicesEnabled, mockCaptureDevicesEnabled, Bool, bool, false, "", "") \
+ macro(MediaCaptureRequiresSecureConnection, mediaCaptureRequiresSecureConnection, Bool, bool, true, "", "") \
macro(ShadowDOMEnabled, shadowDOMEnabled, Bool, bool, true, "Shadow DOM", "HTML Shadow DOM prototype") \
macro(DOMIteratorEnabled, domIteratorEnabled, Bool, bool, true, "", "") \
macro(FetchAPIEnabled, fetchAPIEnabled, Bool, bool, true, "", "") \
Modified: trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp (208248 => 208249)
--- trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -1501,6 +1501,16 @@
return toImpl(preferencesRef)->mockCaptureDevicesEnabled();
}
+void WKPreferencesSetMediaCaptureRequiresSecureConnection(WKPreferencesRef preferencesRef, bool enabled)
+{
+ toImpl(preferencesRef)->setMediaCaptureRequiresSecureConnection(enabled);
+}
+
+bool WKPreferencesGetMediaCaptureRequiresSecureConnection(WKPreferencesRef preferencesRef)
+{
+ return toImpl(preferencesRef)->mediaCaptureRequiresSecureConnection();
+}
+
void WKPreferencesSetFetchAPIEnabled(WKPreferencesRef preferencesRef, bool flag)
{
toImpl(preferencesRef)->setFetchAPIEnabled(flag);
Modified: trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h (208248 => 208249)
--- trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h 2016-11-01 22:00:23 UTC (rev 208249)
@@ -413,7 +413,11 @@
// Defaults to false.
WK_EXPORT void WKPreferencesSetMockCaptureDevicesEnabled(WKPreferencesRef, bool);
WK_EXPORT bool WKPreferencesGetMockCaptureDevicesEnabled(WKPreferencesRef);
-
+
+// Defaults to true.
+WK_EXPORT void WKPreferencesSetMediaCaptureRequiresSecureConnection(WKPreferencesRef, bool);
+WK_EXPORT bool WKPreferencesGetMediaCaptureRequiresSecureConnection(WKPreferencesRef);
+
// Defaults to false
WK_EXPORT void WKPreferencesSetFetchAPIEnabled(WKPreferencesRef, bool flag);
WK_EXPORT bool WKPreferencesGetFetchAPIEnabled(WKPreferencesRef);
Modified: trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (208248 => 208249)
--- trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -165,7 +165,7 @@
void UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame(uint64_t userMediaID, uint64_t frameID, String userMediaDocumentOriginIdentifier, String topLevelDocumentOriginIdentifier, const WebCore::MediaConstraintsData& audioConstraintsData, const WebCore::MediaConstraintsData& videoConstraintsData)
{
#if ENABLE(MEDIA_STREAM)
- RealtimeMediaSourceCenter::InvalidConstraintsHandler invalidHandler = [this, userMediaID, frameID, userMediaDocumentOriginIdentifier, topLevelDocumentOriginIdentifier](const String& invalidConstraint) {
+ RealtimeMediaSourceCenter::InvalidConstraintsHandler invalidHandler = [this, userMediaID](const String& invalidConstraint) {
if (!m_page.isValid())
return;
Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (208248 => 208249)
--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2016-11-01 21:56:11 UTC (rev 208248)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2016-11-01 22:00:23 UTC (rev 208249)
@@ -3146,6 +3146,7 @@
#if ENABLE(MEDIA_STREAM)
settings.setMockCaptureDevicesEnabled(store.getBoolValueForKey(WebPreferencesKey::mockCaptureDevicesEnabledKey()));
+ settings.setMediaCaptureRequiresSecureConnection(store.getBoolValueForKey(WebPreferencesKey::mediaCaptureRequiresSecureConnectionKey()));
#endif
settings.setShouldConvertPositionStyleOnCopy(store.getBoolValueForKey(WebPreferencesKey::shouldConvertPositionStyleOnCopyKey()));