diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-01-15 11:02:06 +0100 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-01-15 12:38:47 +0000 |
| commit | 27c402195e8af55729e973576b1f4db443ef9232 (patch) | |
| tree | 48a3ba52f44a38e9f03b351ccfe70589ca1f4c3d /chromium | |
| parent | 4848d71bd91915a856f17a2bc45b402bda1d96f7 (diff) | |
| download | qtwebengine-chromium-27c402195e8af55729e973576b1f4db443ef9232.tar.gz | |
[Backport] Security issue 849942
Simplify "WouldTaintOrigin" concept in media/blink
Currently WebMediaPlayer has three predicates:
- DidGetOpaqueResponseFromServiceWorker
- HasSingleSecurityOrigin
- DidPassCORSAccessCheck
. These are used to determine whether the response body is available
for scripts. They are known to be confusing, and actually
MediaElementAudioSourceHandler::WouldTaintOrigin misuses them.
This CL merges the three predicates to one, WouldTaintOrigin, to remove
the confusion. Now the "response type" concept is available and we
don't need a custom CORS check, so this CL removes
BaseAudioContext::WouldTaintOrigin. This CL also renames
URLData::has_opaque_data_ and its (direct and indirect) data accessors
to match the spec.
Bug: 849942, 875153
Change-Id: I6acf50169d7445c4ff614e80ac606f79ee577d2a
Reviewed-on: https://chromium-review.googlesource.com/c/1238098
Reviewed-by: Fredrik Hubinette <hubbe@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Raymond Toy <rtoy@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598258}
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium')
18 files changed, 129 insertions, 155 deletions
diff --git a/chromium/content/renderer/media/stream/webmediaplayer_ms.cc b/chromium/content/renderer/media/stream/webmediaplayer_ms.cc index 2d13eb7cb58..4a01e667159 100644 --- a/chromium/content/renderer/media/stream/webmediaplayer_ms.cc +++ b/chromium/content/renderer/media/stream/webmediaplayer_ms.cc @@ -790,21 +790,11 @@ void WebMediaPlayerMS::Paint(cc::PaintCanvas* canvas, context_3d); } -bool WebMediaPlayerMS::DidGetOpaqueResponseFromServiceWorker() const { +bool WebMediaPlayerMS::WouldTaintOrigin() const { DCHECK(thread_checker_.CalledOnValidThread()); return false; } -bool WebMediaPlayerMS::HasSingleSecurityOrigin() const { - DCHECK(thread_checker_.CalledOnValidThread()); - return true; -} - -bool WebMediaPlayerMS::DidPassCORSAccessCheck() const { - DCHECK(thread_checker_.CalledOnValidThread()); - return true; -} - double WebMediaPlayerMS::MediaTimeForTimeValue(double timeValue) const { return base::TimeDelta::FromSecondsD(timeValue).InSecondsF(); } diff --git a/chromium/content/renderer/media/stream/webmediaplayer_ms.h b/chromium/content/renderer/media/stream/webmediaplayer_ms.h index 4af79567b43..d4d1c1c46fd 100644 --- a/chromium/content/renderer/media/stream/webmediaplayer_ms.h +++ b/chromium/content/renderer/media/stream/webmediaplayer_ms.h @@ -143,9 +143,7 @@ class CONTENT_EXPORT WebMediaPlayerMS blink::WebString GetErrorMessage() const override; bool DidLoadingProgress() override; - bool DidGetOpaqueResponseFromServiceWorker() const override; - bool HasSingleSecurityOrigin() const override; - bool DidPassCORSAccessCheck() const override; + bool WouldTaintOrigin() const override; double MediaTimeForTimeValue(double timeValue) const override; diff --git a/chromium/content/renderer/media_capture_from_element/html_video_element_capturer_source_unittest.cc b/chromium/content/renderer/media_capture_from_element/html_video_element_capturer_source_unittest.cc index 6a05c12fd96..f97a258c621 100644 --- a/chromium/content/renderer/media_capture_from_element/html_video_element_capturer_source_unittest.cc +++ b/chromium/content/renderer/media_capture_from_element/html_video_element_capturer_source_unittest.cc @@ -74,9 +74,7 @@ class MockWebMediaPlayer : public blink::WebMediaPlayer, } bool DidLoadingProgress() override { return true; } - bool DidGetOpaqueResponseFromServiceWorker() const override { return false; } - bool HasSingleSecurityOrigin() const override { return true; } - bool DidPassCORSAccessCheck() const override { return true; } + bool WouldTaintOrigin() const override { return false; } double MediaTimeForTimeValue(double timeValue) const override { return 0.0; } unsigned DecodedFrameCount() const override { return 0; } unsigned DroppedFrameCount() const override { return 0; } diff --git a/chromium/media/blink/multibuffer_data_source.cc b/chromium/media/blink/multibuffer_data_source.cc index 6932acd8349..fc70fdda35b 100644 --- a/chromium/media/blink/multibuffer_data_source.cc +++ b/chromium/media/blink/multibuffer_data_source.cc @@ -283,23 +283,8 @@ bool MultibufferDataSource::HasSingleOrigin() { return single_origin_; } -bool MultibufferDataSource::DidPassCORSAccessCheck() const { - if (url_data_->cors_mode() == UrlData::CORS_UNSPECIFIED) - return false; - - // If init_cb is set, we know initialization is not finished yet. - if (!init_cb_.is_null()) - return false; - if (failed_) - return false; - return true; -} - -bool MultibufferDataSource::DidGetOpaqueResponseViaServiceWorker() const { - return url_data_->has_opaque_data(); - - // TODO(falken): Do we need to do something about |init_cb_| like - // in DidPassCORSAccessCheck()? +bool MultibufferDataSource::IsCorsCrossOrigin() const { + return url_data_->is_cors_cross_origin(); } void MultibufferDataSource::MediaPlaybackRateChanged(double playback_rate) { @@ -620,8 +605,6 @@ void MultibufferDataSource::StartCallback() { // Progress callback might be called after the start callback, // make sure that we update single_origin_ now. media_log_->SetBooleanProperty("single_origin", single_origin_); - media_log_->SetBooleanProperty("passed_cors_access_check", - DidPassCORSAccessCheck()); media_log_->SetBooleanProperty("range_header_supported", url_data_->range_supported()); } diff --git a/chromium/media/blink/multibuffer_data_source.h b/chromium/media/blink/multibuffer_data_source.h index 43d1140c141..2b5b5c8321b 100644 --- a/chromium/media/blink/multibuffer_data_source.h +++ b/chromium/media/blink/multibuffer_data_source.h @@ -79,12 +79,9 @@ class MEDIA_BLINK_EXPORT MultibufferDataSource : public DataSource { // Method called on the render thread. bool HasSingleOrigin(); - // Returns true if the media resource passed a CORS access control check. - bool DidPassCORSAccessCheck() const; - - // Returns true if a service worker provided the media resource response, - // and the response was opaque. - bool DidGetOpaqueResponseViaServiceWorker() const; + // https://html.spec.whatwg.org/#cors-cross-origin + // This must be called after the response arrives. + bool IsCorsCrossOrigin() const; // Notifies changes in playback state for controlling media buffering // behavior. diff --git a/chromium/media/blink/multibuffer_data_source_unittest.cc b/chromium/media/blink/multibuffer_data_source_unittest.cc index 89793c796b4..f38e89f556d 100644 --- a/chromium/media/blink/multibuffer_data_source_unittest.cc +++ b/chromium/media/blink/multibuffer_data_source_unittest.cc @@ -1489,35 +1489,104 @@ TEST_F(MultibufferDataSourceTest, FileSizeLessThanBlockSize) { Stop(); } -TEST_F(MultibufferDataSourceTest, DidPassCORSAccessTest) { +TEST_F(MultibufferDataSourceTest, ResponseTypeBasic) { InitializeWithCORS(kHttpUrl, true, UrlData::CORS_ANONYMOUS); set_preload(MultibufferDataSource::NONE); WebURLResponse response1 = response_generator_->GeneratePartial206(0, kDataSize - 1); - response1.SetWasFetchedViaServiceWorker(true); - std::vector<blink::WebURL> urlList = {GURL(kHttpDifferentOriginUrl)}; - response1.SetURLListViaServiceWorker(urlList); - WebURLResponse response2 = - response_generator_->GeneratePartial206(kDataSize, kDataSize * 2 - 1); + response1.SetType(network::mojom::FetchResponseType::kBasic); EXPECT_CALL(host_, SetTotalBytes(kFileSize)); EXPECT_CALL(host_, AddBufferedByteRange(0, kDataSize)); EXPECT_CALL(*this, ReadCallback(kDataSize)); - EXPECT_FALSE(data_source_->DidPassCORSAccessCheck()); Respond(response1); ReceiveData(kDataSize); ReadAt(0); EXPECT_TRUE(loading()); - EXPECT_TRUE(data_source_->DidPassCORSAccessCheck()); + EXPECT_FALSE(data_source_->IsCorsCrossOrigin()); FinishLoading(); +} - // Verify that if reader_ is null, DidPassCORSAccessCheck still returns true. - data_source_->Stop(); - base::RunLoop().RunUntilIdle(); +TEST_F(MultibufferDataSourceTest, ResponseTypeCors) { + InitializeWithCORS(kHttpUrl, true, UrlData::CORS_ANONYMOUS); + set_preload(MultibufferDataSource::NONE); + WebURLResponse response1 = + response_generator_->GeneratePartial206(0, kDataSize - 1); + response1.SetType(network::mojom::FetchResponseType::kCORS); + + EXPECT_CALL(host_, SetTotalBytes(kFileSize)); + EXPECT_CALL(host_, AddBufferedByteRange(0, kDataSize)); + EXPECT_CALL(*this, ReadCallback(kDataSize)); + + Respond(response1); + ReceiveData(kDataSize); + ReadAt(0); + EXPECT_TRUE(loading()); + EXPECT_FALSE(data_source_->IsCorsCrossOrigin()); + + FinishLoading(); +} + +TEST_F(MultibufferDataSourceTest, ResponseTypeDefault) { + InitializeWithCORS(kHttpUrl, true, UrlData::CORS_ANONYMOUS); + set_preload(MultibufferDataSource::NONE); + WebURLResponse response1 = + response_generator_->GeneratePartial206(0, kDataSize - 1); + response1.SetType(network::mojom::FetchResponseType::kDefault); + + EXPECT_CALL(host_, SetTotalBytes(kFileSize)); + EXPECT_CALL(host_, AddBufferedByteRange(0, kDataSize)); + EXPECT_CALL(*this, ReadCallback(kDataSize)); + + Respond(response1); + ReceiveData(kDataSize); + ReadAt(0); + EXPECT_TRUE(loading()); + EXPECT_FALSE(data_source_->IsCorsCrossOrigin()); - EXPECT_TRUE(data_source_->DidPassCORSAccessCheck()); + FinishLoading(); +} + +TEST_F(MultibufferDataSourceTest, ResponseTypeOpaque) { + InitializeWithCORS(kHttpUrl, true, UrlData::CORS_ANONYMOUS); + set_preload(MultibufferDataSource::NONE); + WebURLResponse response1 = + response_generator_->GeneratePartial206(0, kDataSize - 1); + response1.SetType(network::mojom::FetchResponseType::kOpaque); + + EXPECT_CALL(host_, SetTotalBytes(kFileSize)); + EXPECT_CALL(host_, AddBufferedByteRange(0, kDataSize)); + EXPECT_CALL(*this, ReadCallback(kDataSize)); + + Respond(response1); + ReceiveData(kDataSize); + ReadAt(0); + EXPECT_TRUE(loading()); + EXPECT_TRUE(data_source_->IsCorsCrossOrigin()); + + FinishLoading(); +} + +TEST_F(MultibufferDataSourceTest, ResponseTypeOpaqueRedirect) { + InitializeWithCORS(kHttpUrl, true, UrlData::CORS_ANONYMOUS); + set_preload(MultibufferDataSource::NONE); + WebURLResponse response1 = + response_generator_->GeneratePartial206(0, kDataSize - 1); + response1.SetType(network::mojom::FetchResponseType::kOpaqueRedirect); + + EXPECT_CALL(host_, SetTotalBytes(kFileSize)); + EXPECT_CALL(host_, AddBufferedByteRange(0, kDataSize)); + EXPECT_CALL(*this, ReadCallback(kDataSize)); + + Respond(response1); + ReceiveData(kDataSize); + ReadAt(0); + EXPECT_TRUE(loading()); + EXPECT_TRUE(data_source_->IsCorsCrossOrigin()); + + FinishLoading(); } TEST_F(MultibufferDataSourceTest, EtagTest) { diff --git a/chromium/media/blink/resource_multibuffer_data_provider.cc b/chromium/media/blink/resource_multibuffer_data_provider.cc index 98ca8d3c347..0904bdc8c05 100644 --- a/chromium/media/blink/resource_multibuffer_data_provider.cc +++ b/chromium/media/blink/resource_multibuffer_data_provider.cc @@ -37,13 +37,13 @@ namespace media { namespace { -bool IsOpaqueData(network::mojom::FetchResponseType response_type) { +bool IsCORSCrossOriginResponseType(network::mojom::FetchResponseType response_type) { switch (response_type) { case network::mojom::FetchResponseType::kBasic: case network::mojom::FetchResponseType::kCORS: case network::mojom::FetchResponseType::kDefault: - return false; case network::mojom::FetchResponseType::kError: + return false; case network::mojom::FetchResponseType::kOpaque: case network::mojom::FetchResponseType::kOpaqueRedirect: return true; @@ -289,6 +289,8 @@ void ResourceMultiBufferDataProvider::DidReceiveResponse( int64_t content_length = response.ExpectedContentLength(); bool end_of_file = false; bool do_fail = false; + // We get the response type here because aborting the loader may change it. + const auto response_type = response.ResponseTypeViaServiceWorker(); bytes_to_discard_ = 0; // We make a strong assumption that when we reach here we have either @@ -342,10 +344,9 @@ void ResourceMultiBufferDataProvider::DidReceiveResponse( url_data_->url_index()->TryInsert(destination_url_data); } - // This is vital for security! A service worker can respond with a response - // from a different origin, so this response type is needed to detect that. - destination_url_data->set_has_opaque_data( - IsOpaqueData(response.ResponseTypeViaServiceWorker())); + // This is vital for security! + destination_url_data->set_is_cors_cross_origin( + IsCORSCrossOriginResponseType(response_type)); if (destination_url_data != url_data_) { // At this point, we've encountered a redirect, or found a better url data diff --git a/chromium/media/blink/url_index.cc b/chromium/media/blink/url_index.cc index 84c5aafa10b..bf5036e9c75 100644 --- a/chromium/media/blink/url_index.cc +++ b/chromium/media/blink/url_index.cc @@ -51,7 +51,6 @@ UrlData::UrlData(const GURL& url, CORSMode cors_mode, UrlIndex* url_index) length_(kPositionNotSpecified), range_supported_(false), cacheable_(false), - has_opaque_data_(false), last_used_(), multibuffer_(this, url_index_->block_shift_) {} @@ -87,9 +86,8 @@ void UrlData::MergeFrom(const scoped_refptr<UrlData>& other) { last_modified_ = other->last_modified_; } bytes_read_from_cache_ += other->bytes_read_from_cache_; - // set_has_opaque_data() will not relax from opaque to non-opaque if already - // opaque. - set_has_opaque_data(other->has_opaque_data_); + // is_cors_corss_origin_ will not relax from true to false. + set_is_cors_cross_origin(other->is_cors_cross_origin_); multibuffer()->MergeFrom(other->multibuffer()); } } @@ -106,10 +104,10 @@ void UrlData::set_length(int64_t length) { } } -void UrlData::set_has_opaque_data(bool has_opaque_data) { - if (has_opaque_data_) +void UrlData::set_is_cors_cross_origin(bool is_cors_cross_origin) { + if (is_cors_cross_origin_) return; - has_opaque_data_ = has_opaque_data; + is_cors_cross_origin_ = is_cors_cross_origin; } void UrlData::RedirectTo(const scoped_refptr<UrlData>& url_data) { diff --git a/chromium/media/blink/url_index.h b/chromium/media/blink/url_index.h index 2ebaad18978..ee04c4652ab 100644 --- a/chromium/media/blink/url_index.h +++ b/chromium/media/blink/url_index.h @@ -99,7 +99,8 @@ class MEDIA_BLINK_EXPORT UrlData : public base::RefCounted<UrlData> { // Returns our url_index. UrlIndex* url_index() const { return url_index_; } - bool has_opaque_data() const { return has_opaque_data_; } + // This must be called after the response arrives. + bool is_cors_cross_origin() const { return is_cors_cross_origin_; } // Notifies the url index that this is currently used. // The url <-> URLData mapping will be eventually be invalidated if @@ -119,7 +120,7 @@ class MEDIA_BLINK_EXPORT UrlData : public base::RefCounted<UrlData> { void set_range_supported(); void set_last_modified(base::Time last_modified); void set_etag(const std::string& etag); - void set_has_opaque_data(bool has_opaque_data); + void set_is_cors_cross_origin(bool is_cors_cross_origin); // A redirect has occured (or we've found a better UrlData for the same // resource). @@ -191,9 +192,8 @@ class MEDIA_BLINK_EXPORT UrlData : public base::RefCounted<UrlData> { // will not cache this url. bool cacheable_; - // True if a service worker intercepted a request for this resource - // and provided an opaque response. - bool has_opaque_data_; + // https://html.spec.whatwg.org/#cors-cross-origin + bool is_cors_cross_origin_ = false; // Last time some media time used this resource. // Note that we use base::Time rather than base::TimeTicks because diff --git a/chromium/media/blink/webmediaplayer_impl.cc b/chromium/media/blink/webmediaplayer_impl.cc index 5959f2135ad..7c7155d203a 100644 --- a/chromium/media/blink/webmediaplayer_impl.cc +++ b/chromium/media/blink/webmediaplayer_impl.cc @@ -1123,12 +1123,6 @@ void WebMediaPlayerImpl::Paint(cc::PaintCanvas* canvas, pipeline_metadata_.video_decoder_config.video_rotation(), context_3d); } -bool WebMediaPlayerImpl::DidGetOpaqueResponseFromServiceWorker() const { - if (data_source_) - return data_source_->DidGetOpaqueResponseViaServiceWorker(); - return false; -} - bool WebMediaPlayerImpl::HasSingleSecurityOrigin() const { if (demuxer_found_hls_) { // HLS manifests might pull segments from a different origin. We can't know @@ -1141,10 +1135,15 @@ bool WebMediaPlayerImpl::HasSingleSecurityOrigin() const { return true; } -bool WebMediaPlayerImpl::DidPassCORSAccessCheck() const { - if (data_source_) - return data_source_->DidPassCORSAccessCheck(); - return false; +bool WebMediaPlayerImpl::WouldTaintOrigin() const { + if (!HasSingleSecurityOrigin()) { + // When the resource is redirected to another origin we think it as + // tainted. This is actually not specified, and is under discussion. + // See https://github.com/whatwg/fetch/issues/737. + return true; + } + + return data_source_ && data_source_->IsCorsCrossOrigin(); } double WebMediaPlayerImpl::MediaTimeForTimeValue(double timeValue) const { diff --git a/chromium/media/blink/webmediaplayer_impl.h b/chromium/media/blink/webmediaplayer_impl.h index cb72c64ac2b..40772fdc1fb 100644 --- a/chromium/media/blink/webmediaplayer_impl.h +++ b/chromium/media/blink/webmediaplayer_impl.h @@ -186,10 +186,7 @@ class MEDIA_BLINK_EXPORT WebMediaPlayerImpl blink::WebString GetErrorMessage() const override; bool DidLoadingProgress() override; - - bool DidGetOpaqueResponseFromServiceWorker() const override; - bool HasSingleSecurityOrigin() const override; - bool DidPassCORSAccessCheck() const override; + bool WouldTaintOrigin() const override; double MediaTimeForTimeValue(double timeValue) const override; @@ -327,6 +324,8 @@ class MEDIA_BLINK_EXPORT WebMediaPlayerImpl void OnPipelineResumed(); void OnDemuxerOpened(); + bool HasSingleSecurityOrigin() const; + // Pipeline::Client overrides. void OnError(PipelineStatus status) override; void OnEnded() override; diff --git a/chromium/third_party/blink/public/platform/web_media_player.h b/chromium/third_party/blink/public/platform/web_media_player.h index caab45ce35a..409c32d70f8 100644 --- a/chromium/third_party/blink/public/platform/web_media_player.h +++ b/chromium/third_party/blink/public/platform/web_media_player.h @@ -203,9 +203,10 @@ class WebMediaPlayer { virtual bool DidLoadingProgress() = 0; - virtual bool DidGetOpaqueResponseFromServiceWorker() const = 0; - virtual bool HasSingleSecurityOrigin() const = 0; - virtual bool DidPassCORSAccessCheck() const = 0; + // Returns true if the response is CORS-cross-origin and so we shouldn't be + // allowing media to play through webaudio. + // This should be called after the response has arrived. + virtual bool WouldTaintOrigin() const = 0; virtual double MediaTimeForTimeValue(double time_value) const = 0; diff --git a/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc b/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc index a7cec27411c..e9dd039e4d5 100644 --- a/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc +++ b/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc @@ -1488,30 +1488,14 @@ bool HTMLMediaElement::IsSafeToLoadURL(const KURL& url, bool HTMLMediaElement::IsMediaDataCORSSameOrigin( const SecurityOrigin* origin) const { - // If a service worker handled the request, we don't know if the origin in the - // src is the same as the actual response URL so can't rely on URL checks - // alone. So detect an opaque response via - // DidGetOpaqueResponseFromServiceWorker(). - if (GetWebMediaPlayer() && - GetWebMediaPlayer()->DidGetOpaqueResponseFromServiceWorker()) { - return false; - } - - // At this point, either a service worker was not used, or it didn't provide - // an opaque response, so continue with the normal checks. + if (!GetWebMediaPlayer()) + return true; - // HasSingleSecurityOrigin() tells us whether the origin in the src - // is the same as the actual request (i.e. after redirects). - if (!HasSingleSecurityOrigin()) + const auto network_state = GetWebMediaPlayer()->GetNetworkState(); + if (network_state == WebMediaPlayer::kNetworkStateNetworkError) return false; - // DidPassCORSAccessCheck() means it was a successful CORS-enabled fetch (vs. - // non-CORS-enabled or failed). CanReadContent() does CheckAccess() on the - // URL plus allows data sources, to ensure that it is not a URL that requires - // CORS (basically same origin). - return (GetWebMediaPlayer() && - GetWebMediaPlayer()->DidPassCORSAccessCheck()) || - origin->CanReadContent(currentSrc()); + return !GetWebMediaPlayer()->WouldTaintOrigin(); } bool HTMLMediaElement::IsInCrossOriginFrame() const { diff --git a/chromium/third_party/blink/renderer/core/html/media/html_media_element.h b/chromium/third_party/blink/renderer/core/html/media/html_media_element.h index c9b109245ca..693bb3fa5ae 100644 --- a/chromium/third_party/blink/renderer/core/html/media/html_media_element.h +++ b/chromium/third_party/blink/renderer/core/html/media/html_media_element.h @@ -266,11 +266,6 @@ class CORE_EXPORT HTMLMediaElement // of one of them here. using HTMLElement::GetExecutionContext; - bool HasSingleSecurityOrigin() const { - return GetWebMediaPlayer() ? GetWebMediaPlayer()->HasSingleSecurityOrigin() - : true; - } - bool IsFullscreen() const; void DidEnterFullscreen(); void DidExitFullscreen(); diff --git a/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.cc b/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.cc index f30bd880a15..71d882ca14a 100644 --- a/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.cc +++ b/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.cc @@ -924,21 +924,4 @@ void BaseAudioContext::UpdateWorkletGlobalScopeOnRenderingThread() { } } -bool BaseAudioContext::WouldTaintOrigin(const KURL& url) const { - // Data URLs don't taint the origin. - if (url.ProtocolIsData()) { - return false; - } - - Document* document = GetDocument(); - if (document && document->GetSecurityOrigin()) { - // The origin is tainted if and only if we cannot read content from the URL. - return !document->GetSecurityOrigin()->CanRequest(url); - } - - // Be conservative and assume it's tainted if it's not a data url and if we - // can't get the security origin of the document. - return true; -} - } // namespace blink diff --git a/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.h b/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.h index f55e32c4b70..aa1a99b9110 100644 --- a/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.h +++ b/chromium/third_party/blink/renderer/modules/webaudio/base_audio_context.h @@ -309,13 +309,6 @@ class MODULES_EXPORT BaseAudioContext // Does nothing when the worklet global scope does not exist. void UpdateWorkletGlobalScopeOnRenderingThread(); - // Returns true if the URL would taint the origin so that we shouldn't be - // allowing media to played through webaudio. - // TODO(crbug.com/845913): This should really be on an AudioContext. Move - // this when we move the media stuff from BaseAudioContext to AudioContext, as - // requried by the spec. - bool WouldTaintOrigin(const KURL& url) const; - protected: enum ContextType { kRealtimeContext, kOfflineContext }; diff --git a/chromium/third_party/blink/renderer/modules/webaudio/media_element_audio_source_node.cc b/chromium/third_party/blink/renderer/modules/webaudio/media_element_audio_source_node.cc index 9c24f3a4ff5..6fb12bebc16 100644 --- a/chromium/third_party/blink/renderer/modules/webaudio/media_element_audio_source_node.cc +++ b/chromium/third_party/blink/renderer/modules/webaudio/media_element_audio_source_node.cc @@ -136,19 +136,7 @@ void MediaElementAudioSourceHandler::SetFormat(size_t number_of_channels, } bool MediaElementAudioSourceHandler::WouldTaintOrigin() { - // If we're cross-origin and allowed access vie CORS, we're not tainted. - if (MediaElement()->GetWebMediaPlayer()->DidPassCORSAccessCheck()) { - return false; - } - - // Handles the case where the url is a redirect to another site that we're not - // allowed to access. - if (!MediaElement()->HasSingleSecurityOrigin()) { - return true; - } - - // Test to see if the current media URL taint the origin of the audio context? - return Context()->WouldTaintOrigin(MediaElement()->currentSrc()); + return MediaElement()->GetWebMediaPlayer()->WouldTaintOrigin(); } void MediaElementAudioSourceHandler::PrintCORSMessage(const String& message) { diff --git a/chromium/third_party/blink/renderer/platform/testing/empty_web_media_player.h b/chromium/third_party/blink/renderer/platform/testing/empty_web_media_player.h index ef7511a198c..7b513cad919 100644 --- a/chromium/third_party/blink/renderer/platform/testing/empty_web_media_player.h +++ b/chromium/third_party/blink/renderer/platform/testing/empty_web_media_player.h @@ -48,9 +48,7 @@ class EmptyWebMediaPlayer : public WebMediaPlayer { ReadyState GetReadyState() const override { return kReadyStateHaveNothing; } WebString GetErrorMessage() const override; bool DidLoadingProgress() override { return false; } - bool DidGetOpaqueResponseFromServiceWorker() const override { return false; } - bool HasSingleSecurityOrigin() const override { return true; } - bool DidPassCORSAccessCheck() const override { return true; } + bool WouldTaintOrigin() const override { return false; } double MediaTimeForTimeValue(double time_value) const override { return time_value; }; |