Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: da2cbccc6c635200700a4dde1f2d9ddb5b747dab
https://github.com/WebKit/WebKit/commit/da2cbccc6c635200700a4dde1f2d9ddb5b747dab
Author: Youenn Fablet <[email protected]>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
A LayoutTests/http/tests/media/resources/hls/.htaccess
M LayoutTests/http/tests/media/resources/video-cookie-check-cookie.py
A
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-expected.txt
A
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-with-cors-expected.txt
A
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-with-cors.html
A
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media.html
A
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media-expected.txt
A
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media-with-cors-expected.txt
A
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media-with-cors.html
A
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media.html
M LayoutTests/platform/glib/TestExpectations
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WebCore/loader/MediaResourceLoader.cpp
M Source/WebCore/loader/MediaResourceLoader.h
Log Message:
-----------
HLS: Performance.getEntries() leaks contents of cross-site playlists
rdar://133406290
Reviewed by Eric Carlson.
When loading a manifest and the manifest is opaque, we cannot let the web page
know about loads triggered from that manifest.
We thus need to use LoadedFromOpaqueSource, like done for CSS. This will
prevent service worker interception and performance exposure.
We do not know whether a media load is triggered from a particular manifest
unfortunately.
We do the following heuristic as a workaround:
- As long as opaque source loading is not enabled, we check each opaque
response mime type.
- If an opaque response mime type is a manifest mime type, all remaining loads
of the current media will be LoadedFromOpaqueSource::Yes.
- If a load was previously done in non opaque mode, we continue doing so, to
not disrupt successive media range requests.
* LayoutTests/http/tests/media/resources/hls/.htaccess: Added.
* LayoutTests/http/tests/media/resources/video-cookie-check-cookie.py:
*
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-expected.txt:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-with-cors-expected.txt:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media-with-cors.html:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-cross-origin-media.html:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media-expected.txt:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media-with-cors-expected.txt:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media-with-cors.html:
Added.
*
LayoutTests/http/tests/performance/performance-resource-timing-redirection-cross-origin-media.html:
Added.
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/loader/MediaResourceLoader.cpp:
(WebCore::computeLoadedFromOpaqueSource):
(WebCore::MediaResourceLoader::requestResource):
(WebCore::isManifestMIMEType):
(WebCore::MediaResourceLoader::verifyMediaResponse):
(WebCore::MediaResourceLoader::redirectReceived):
(WebCore::MediaResource::redirectReceived):
* Source/WebCore/loader/MediaResourceLoader.h:
Originally-landed-as: 297297.327@safari-7622-branch (73b19a9b10d5).
rdar://164279835
Canonical link: https://commits.webkit.org/304316@main
Commit: 5e904fc9e42d6b164bda401b8a6407d055c28e0a
https://github.com/WebKit/WebKit/commit/5e904fc9e42d6b164bda401b8a6407d055c28e0a
Author: Youenn Fablet <[email protected]>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M Source/WebCore/loader/MediaResourceLoader.cpp
Log Message:
-----------
Crash under MediaResourceLoader::requestResource()
rdar://161217814
Reviewed by Jean-Yves Avenard.
We add checks to protect from empty URLs.
* Source/WebCore/loader/MediaResourceLoader.cpp:
(WebCore::computeLoadedFromOpaqueSource):
(WebCore::MediaResourceLoader::requestResource):
(WebCore::MediaResourceLoader::redirectReceived):
Originally-landed-as: 297297.477@safari-7622-branch (6cfacf6782cd).
rdar://164212243
Canonical link: https://commits.webkit.org/304317@main
Compare: https://github.com/WebKit/WebKit/compare/48e931ab72ef...5e904fc9e42d
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
