[tor-commits] [tor-browser] 32/73: Bug 1781063 don't use tainting for cross-origin check on document media resource loads r=chunmin a=RyanVM

[gitolite role]

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch geckoview-102.3.0esr-12.0-1
in repository tor-browser.

commit 4b97f47d5532e8f7dd0c82a743f992d75ddd6c9d
Author: Karl Tomlinson <karlt+ at karlt.net>
AuthorDate: Wed Aug 24 01:55:02 2022 +0000

    Bug 1781063 don't use tainting for cross-origin check on document media resource loads r=chunmin a=RyanVM
    
    When the media resource is loaded as a document, the response from the initial
    document load gets reused, as an optimization, as an emulated load for the
    resource of the media host element in the generated HTML document.
    https://searchfox.org/mozilla-central/rev/5644fae86d5122519a0e34ee03117c88c6ed9b47/dom/html/VideoDocument.cpp#114
    https://html.spec.whatwg.org/multipage/browsing-the-web.html#read-media
    
    Depends on D154041
    
    Differential Revision: https://phabricator.services.mozilla.com/D154042
---
 dom/media/ChannelMediaResource.cpp | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/dom/media/ChannelMediaResource.cpp b/dom/media/ChannelMediaResource.cpp
index e0a44ab805d52..1bff255343ef1 100644
--- a/dom/media/ChannelMediaResource.cpp
+++ b/dom/media/ChannelMediaResource.cpp
@@ -814,14 +814,27 @@ void ChannelMediaResource::UpdatePrincipal() {
         mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
             mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
         "no-cors request");
+    MOZ_ASSERT(!hadData || !mChannel->IsDocument(),
+               "Only the initial load may be a document load");
     bool finalResponseIsOpaque =
-        // GetChannelResultPrincipal() returns the original request URL for
-        // null-origin Responses from ServiceWorker, in which case the URL
-        // does not indicate the real source of data.  Such null-origin
-        // Responses have Basic LoadTainting.  CORS filtered Responses from
-        // ServiceWorker also cannot be mixed with no-cors cross-origin
-        // responses.
-        loadInfo->GetTainting() == LoadTainting::Opaque &&
+        // NS_GetFinalChannelURI() and GetChannelResultPrincipal() return the
+        // original request URI for null-origin Responses from ServiceWorker,
+        // in which case the URI does not necessarily indicate the real source
+        // of data.  Such null-origin Responses have Basic LoadTainting, and
+        // so can be distinguished from true cross-origin responses when the
+        // channel is not a document load.
+        //
+        // When the channel is a document load, LoadTainting indicates opacity
+        // wrt the parent document and so does not indicate whether the
+        // response is cross-origin wrt to the media element.  However,
+        // ServiceWorkers for document loads are always same-origin with the
+        // channel URI and so there is no need to distinguish null-origin
+        // ServiceWorker responses to document loads.
+        //
+        // CORS filtered Responses from ServiceWorker also cannot be mixed
+        // with no-cors cross-origin responses.
+        (mChannel->IsDocument() ||
+         loadInfo->GetTainting() == LoadTainting::Opaque) &&
         // Although intermediate cross-origin redirects back to URIs with
         // loadingPrincipal will have LoadTainting::Opaque and will taint the
         // media element, they are not considered opaque when verifying

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.