Title: [216490] releases/WebKitGTK/webkit-2.14/Source/WebCore
Revision
216490
Author
carlo...@webkit.org
Date
2017-05-09 02:58:32 -0700 (Tue, 09 May 2017)

Log Message

Merge r212349 - [GStreamer] Implement MediaPlayerPrivate::hasSingleSecurityOrigin()
https://bugs.webkit.org/show_bug.cgi?id=168322

Reviewed by Žan Doberšek.

It currently returns true unconditionally. Add resolved-location property to WebKitWebSourceGStreamer to track
the resolved url returned by the server and use that from MediaPlayerPrivate to check if there was a cross
origin redirection.

Fixes: http/tests/security/canvas-remote-read-remote-video-redirect.html

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::hasSingleSecurityOrigin):
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcFinalize):
(webKitWebSrcGetProperty):
(webKitWebSrcStart):
(webKitWebSrcQueryWithParent):
(webKitWebSrcGetUri):
(webKitWebSrcSetUri):
(StreamingClient::handleResponseReceived):
(ResourceHandleStreamingClient::wasBlocked):
(ResourceHandleStreamingClient::cannotShowURL):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (216489 => 216490)


--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog	2017-05-09 09:58:24 UTC (rev 216489)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog	2017-05-09 09:58:32 UTC (rev 216490)
@@ -1,3 +1,30 @@
+2017-02-14  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [GStreamer] Implement MediaPlayerPrivate::hasSingleSecurityOrigin()
+        https://bugs.webkit.org/show_bug.cgi?id=168322
+
+        Reviewed by Žan Doberšek.
+
+        It currently returns true unconditionally. Add resolved-location property to WebKitWebSourceGStreamer to track
+        the resolved url returned by the server and use that from MediaPlayerPrivate to check if there was a cross
+        origin redirection.
+
+        Fixes: http/tests/security/canvas-remote-read-remote-video-redirect.html
+
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::hasSingleSecurityOrigin):
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
+        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+        (webKitWebSrcFinalize):
+        (webKitWebSrcGetProperty):
+        (webKitWebSrcStart):
+        (webKitWebSrcQueryWithParent):
+        (webKitWebSrcGetUri):
+        (webKitWebSrcSetUri):
+        (StreamingClient::handleResponseReceived):
+        (ResourceHandleStreamingClient::wasBlocked):
+        (ResourceHandleStreamingClient::cannotShowURL):
+
 2017-04-12  Carlos Garcia Campos  <cgar...@igalia.com>
 
         [GTK] Crash at WebCore::ResourceHandle::clearClient() when streaming live video from dailymotion

Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp (216489 => 216490)


--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp	2017-05-09 09:58:24 UTC (rev 216489)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp	2017-05-09 09:58:32 UTC (rev 216490)
@@ -1380,6 +1380,23 @@
 #endif
 }
 
+bool MediaPlayerPrivateGStreamer::hasSingleSecurityOrigin() const
+{
+    if (!WEBKIT_IS_WEB_SRC(m_source.get()))
+        return false;
+
+    GUniqueOutPtr<char> originalURI, resolvedURI;
+    g_object_get(m_source.get(), "location", &originalURI.outPtr(), "resolved-location", &resolvedURI.outPtr(), nullptr);
+    if (!originalURI || !resolvedURI)
+        return false;
+    if (!g_strcmp0(originalURI.get(), resolvedURI.get()))
+        return true;
+
+    Ref<SecurityOrigin> resolvedOrigin(SecurityOrigin::createFromString(String::fromUTF8(resolvedURI.get())));
+    Ref<SecurityOrigin> requestedOrigin(SecurityOrigin::createFromString(String::fromUTF8(originalURI.get())));
+    return resolvedOrigin->isSameSchemeHostPort(&requestedOrigin.get());
+}
+
 void MediaPlayerPrivateGStreamer::cancelLoad()
 {
     if (m_networkState < MediaPlayer::Loading || m_networkState == MediaPlayer::Loaded)
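Review bot: hasSingleSecurityOrigin() compares only the requested `location` with the final `resolved-location`, so a redirect chain that leaves the origin and returns to it (A → B → A) would still be reported as a single origin. Judging from the other hunks, resolvedURI holds just the URL of the last response, so intermediate hops are not visible to this check. Unless the network layer already rejects such chains, the source element would have to record the origin of every redirect and this function would have to compare them all. The early `return false` paths fail closed, which is the right default, and deserve a comment such as `// Fail closed: without a resolved URL we cannot prove the media stayed on one origin.`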

Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h (216489 => 216490)


--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h	2017-05-09 09:58:24 UTC (rev 216489)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h	2017-05-09 09:58:32 UTC (rev 216490)
@@ -108,6 +108,8 @@
     unsigned long long totalBytes() const override;
     float maxTimeLoaded() const override;
 
+    bool hasSingleSecurityOrigin() const override;
+
     void loadStateChanged();
     void timeChanged();
     void didEnd();

Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp (216489 => 216490)


--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp	2017-05-09 09:58:24 UTC (rev 216489)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp	2017-05-09 09:58:32 UTC (rev 216490)
@@ -132,7 +132,8 @@
 struct _WebKitWebSrcPrivate {
     GstAppSrc* appsrc;
     GstPad* srcpad;
-    gchar* uri;
+    CString originalURI;
+    CString resolvedURI;
     bool keepAlive;
     GUniquePtr<GstStructure> extraHeaders;
     bool compress;
@@ -162,6 +163,7 @@
 enum {
     PROP_0,
     PROP_LOCATION,
+    PROP_RESOLVED_LOCATION,
     PROP_KEEP_ALIVE,
     PROP_EXTRA_HEADERS,
     PROP_COMPRESS,
@@ -230,14 +232,14 @@
 
     /* Allows setting the uri using the 'location' property, which is used
      * for example by gst_element_make_from_uri() */
-    g_object_class_install_property(oklass,
-                                    PROP_LOCATION,
-                                    g_param_spec_string("location",
-                                                        "location",
-                                                        "Location to read from",
-                                                        0,
-                                                        (GParamFlags) (G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)));
+    g_object_class_install_property(oklass, PROP_LOCATION,
+        g_param_spec_string("location", "location", "Location to read from",
+            nullptr, static_cast<GParamFlags>(G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)));
 
+    g_object_class_install_property(oklass, PROP_RESOLVED_LOCATION,
+        g_param_spec_string("resolved-location", "Resolved location", "The location resolved by the server",
+            nullptr, static_cast<GParamFlags>(G_PARAM_READABLE | G_PARAM_STATIC_STRINGS)));
+
     g_object_class_install_property(oklass, PROP_KEEP_ALIVE,
         g_param_spec_boolean("keep-alive", "keep-alive", "Use HTTP persistent connections",
             FALSE, static_cast<GParamFlags>(G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)));
@@ -324,10 +326,8 @@
 
 static void webKitWebSrcFinalize(GObject* object)
 {
-    WebKitWebSrc* src = ""
-    WebKitWebSrcPrivate* priv = src->priv;
+    WebKitWebSrcPrivate* priv = WEBKIT_WEB_SRC(object)->priv;
 
-    g_free(priv->uri);
     priv->~WebKitWebSrcPrivate();
 
     GST_CALL_PARENT(G_OBJECT_CLASS, finalize, (object));
@@ -369,8 +369,11 @@
     WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
     switch (propID) {
     case PROP_LOCATION:
-        g_value_set_string(value, priv->uri);
+        g_value_set_string(value, priv->originalURI.data());
         break;
+    case PROP_RESOLVED_LOCATION:
+        g_value_set_string(value, priv->resolvedURI.data());
+        break;
     case PROP_KEEP_ALIVE:
         g_value_set_boolean(value, priv->keepAlive);
         break;
@@ -506,7 +509,7 @@
 
     priv->didPassAccessControlCheck = false;
 
-    if (!priv->uri) {
+    if (priv->originalURI.isNull()) {
         GST_ERROR_OBJECT(src, "No URI provided");
         locker.unlock();
         webKitWebSrcStop(src);
@@ -515,8 +518,8 @@
 
     ASSERT(!priv->client);
 
-    GST_DEBUG_OBJECT(src, "Fetching %s", priv->uri);
-    URL url = "" priv->uri);
+    GST_DEBUG_OBJECT(src, "Fetching %s", priv->originalURI.data());
+    URL url = "" priv->originalURI.data());
 
     ResourceRequest request(url);
     request.setAllowCookies(true);
@@ -668,7 +671,7 @@
     }
     case GST_QUERY_URI: {
         WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
-        gst_query_set_uri(query, src->priv->uri);
+        gst_query_set_uri(query, src->priv->originalURI.data());
         result = TRUE;
         break;
     }
@@ -720,7 +723,7 @@
     gchar* ret;
 
     WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
-    ret = g_strdup(src->priv->uri);
+    ret = g_strdup(src->priv->originalURI.data());
     return ret;
 }
 
@@ -736,9 +739,7 @@
 
     WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
 
-    g_free(priv->uri);
-    priv->uri = 0;
-
+    priv->originalURI = CString();
     if (!uri)
         return TRUE;
 
@@ -748,7 +749,7 @@
         return FALSE;
     }
 
-    priv->uri = g_strdup(url.string().utf8().data());
+    priv->originalURI = url.string().utf8();
     return TRUE;
 }
 
@@ -892,6 +893,8 @@
 
     GST_DEBUG_OBJECT(src, "Received response: %d", response.httpStatusCode());
 
+    priv->resolvedURI = response.url().string().utf8();
+
     if (response.httpStatusCode() >= 400) {
         GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (nullptr));
         gst_app_src_end_of_stream(priv->appsrc);
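Review bot: The new write `priv->resolvedURI = response.url().string().utf8();` has no lock acquisition visible before it in this hunk, while webKitWebSrcGetProperty reads the same field under GST_OBJECT_GET_LOCK. If handleResponseReceived can run on a different thread from the property getter, the CString could be replaced while it is being read; the function starts outside the hunk, so a lock may already be held and this needs checking. If none is held, give the assignment its own scope: `{ WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src)); priv->resolvedURI = response.url().string().utf8(); }`. Separately, the webKitWebSrcSetUri hunk (@@ -736) resets originalURI but not resolvedURI, so a stale resolved URL from a previous load can be compared against a new location until the next response arrives; adding `priv->resolvedURI = CString();` beside the originalURI reset would avoid that.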
@@ -1198,7 +1201,7 @@
     GST_ERROR_OBJECT(src, "Request was blocked");
 
     WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
-    uri.reset(g_strdup(src->priv->uri));
+    uri.reset(g_strdup(src->priv->originalURI.data()));
     locker.unlock();
 
     GST_ELEMENT_ERROR(src, RESOURCE, OPEN_READ, ("Access to \"%s\" was blocked", uri.get()), (0));
@@ -1212,7 +1215,7 @@
     GST_ERROR_OBJECT(src, "Cannot show URL");
 
     WTF::GMutexLocker<GMutex> locker(*GST_OBJECT_GET_LOCK(src));
-    uri.reset(g_strdup(src->priv->uri));
+    uri.reset(g_strdup(src->priv->originalURI.data()));
     locker.unlock();
 
     GST_ELEMENT_ERROR(src, RESOURCE, OPEN_READ, ("Can't show \"%s\"", uri.get()), (0));