commit 76b17217e5ca58374f0a18b1a5a798470d13e460 Author: Sebastian Streich sstreich@mozilla.com Date: Thu Jul 16 12:03:38 2020 +0000
Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug, a=jcristau
*** Add test
Differential Revision: https://phabricator.services.mozilla.com/D80080 --- dom/html/HTMLMediaElement.cpp | 19 ++++++++- dom/security/test/general/mochitest.ini | 1 + dom/security/test/general/test_bug1450853.html | 58 ++++++++++++++++++++++++++ 3 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp index 2b88b4ed4e9d..ca7ec8b944d5 100644 --- a/dom/html/HTMLMediaElement.cpp +++ b/dom/html/HTMLMediaElement.cpp @@ -2309,7 +2309,24 @@ void HTMLMediaElement::NoSupportedMediaSourceError( if (mDecoder) { ShutdownDecoder(); } - mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails); + + bool isThirdPartyLoad = false; + nsresult rv = NS_ERROR_NOT_AVAILABLE; + if (mSrcAttrTriggeringPrincipal) { + rv = mSrcAttrTriggeringPrincipal->IsThirdPartyURI(mLoadingSrc, + &isThirdPartyLoad); + } + + if (NS_SUCCEEDED(rv) && isThirdPartyLoad) { + // aErrorDetails can include sensitive details like MimeType or HTTP Status + // Code. In case we're loading a 3rd party resource we should not leak this + // and pass a Generic Error Message + mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, + NS_LITERAL_CSTRING("Failed to open media")); + } else { + mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails); + } + RemoveMediaTracks(); ChangeDelayLoadStatus(false); UpdateAudioChannelPlayingState(); diff --git a/dom/security/test/general/mochitest.ini b/dom/security/test/general/mochitest.ini index be7d7b565754..cb952cd9d5a9 100644 --- a/dom/security/test/general/mochitest.ini +++ b/dom/security/test/general/mochitest.ini @@ -56,3 +56,4 @@ support-files = file_xfo_error_page.sjs [test_sec_fetch_websocket.html] skip-if = toolkit == 'android' # no websocket support Bug 982828 support-files = file_sec_fetch_websocket_wsh.py +[test_bug1450853.html] \ No newline at end of file diff --git a/dom/security/test/general/test_bug1450853.html b/dom/security/test/general/test_bug1450853.html new file mode 100644 index 000000000000..ffbc654d8fca --- /dev/null +++ b/dom/security/test/general/test_bug1450853.html @@ -0,0 +1,58 @@ +<!DOCTYPE html> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=1450853 +--> +<head> +<meta charset="utf-8"> +<title>Test for Cross-origin resouce status leak via MediaError</title> +<script src="/tests/SimpleTest/SimpleTest.js"></script> +<script src="/tests/SimpleTest/ChromeTask.js"></script> +<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/> + +<audio autoplay id="audio"></audio> + +<script type="application/javascript"> + +/** Test for Bug 1450853 **/ +CONST_GENERIC_ERROR_MESSAGE = "Failed to open media"; + +add_task(function() { + return new Promise((resolve) => { + let audioElement = document.getElementById("audio"); + + audioElement.onerror = function() { + let err = this.error; + let message = err.message; + info(`Got Audio Error -> ${message}`); + ok(message.includes("404"), "Same-Origin Error Message may contain status data"); + resolve(); + }; + audioElement.src = "/media/test.mp3"; + }); +}); + +add_task(function() { + return new Promise((resolve) => { + let audioElement = document.getElementById("audio"); + + audioElement.onerror = function() { + let err = this.error; + let message = err.message; + + info(`Got Audio Error -> ${message}`); + is(message,CONST_GENERIC_ERROR_MESSAGE, "Cross-Origin Error Message is only Generic"); + resolve(); + }; + audioElement.src = "https://example.com/media/test.mp3"; + }); +}); + +</script> +</head> + +<body> + <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1450853">Mozilla Bug 1450853</a> + <iframe width="0" height="0"></iframe> + </body> +</html>