diff options
-rw-r--r-- | chromium/third_party/blink/renderer/core/html/media/html_media_element.cc | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc b/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc index bb8e7d76e23..c7eeb945a2e 100644 --- a/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc +++ b/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc @@ -90,6 +90,7 @@ #include "third_party/blink/renderer/core/intersection_observer/intersection_observer_entry.h" #include "third_party/blink/renderer/core/layout/layout_media.h" #include "third_party/blink/renderer/core/layout/layout_view.h" +#include "third_party/blink/renderer/core/loader/mixed_content_checker.h" #include "third_party/blink/renderer/core/page/chrome_client.h" #include "third_party/blink/renderer/core/page/page.h" #include "third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.h" @@ -1799,6 +1800,28 @@ void HTMLMediaElement::SetReadyState(ReadyState state) { web_media_player_) { current_src_after_redirects_ = KURL(web_media_player_->GetSrcAfterRedirects()); + + // Sometimes WebMediaPlayer may load a URL from an in memory cache, which + // skips notification of insecure content. Ensure we always notify the + // MixedContentChecker of what happened, even if the load was skipped. + if (LocalFrame* frame = GetDocument().GetFrame()) { + // We don't care about the return value here. The MixedContentChecker will + // internally notify for insecure content if it needs to regardless of + // what the return value ends up being for this call. + MixedContentChecker::ShouldBlockFetch( + frame, + HasVideo() ? mojom::blink::RequestContextType::VIDEO + : mojom::blink::RequestContextType::AUDIO, + // Strictly speaking, this check is an approximation; a request could + // have have redirected back to its original URL, for example. + // However, the redirect status is only used to prevent leaking + // information cross-origin via CSP reports, so comparing URLs is + // sufficient for that purpose. + current_src_after_redirects_ == current_src_ + ? ResourceRequest::RedirectStatus::kNoRedirect + : ResourceRequest::RedirectStatus::kFollowedRedirect, + current_src_after_redirects_); + } } if (new_state > ready_state_maximum_) |