[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 32/73: Bug 1781063 don't use tainting for cross-origin check on document media resource loads r=chunmin a=RyanVM

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser] 32/73: Bug 1781063 don't use tainting for cross-origin check on document media resource loads r=chunmin a=RyanVM
From: gitolite role via tor-commits <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Sep 2022 20:17:25 +0000
Auto-submitted: auto-generated
Cc: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Sep 2022 16:20:37 -0400
In-reply-to: <166379141357.15850.12037895324351623611@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <166379141357.15850.12037895324351623611@cupani.torproject.org>
Reply-to: Karl Tomlinson <karlt+@xxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRW9ZGtaPi8QbiH6XkdUPnIww==

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch geckoview-102.3.0esr-12.0-1
in repository tor-browser.

commit 4b97f47d5532e8f7dd0c82a743f992d75ddd6c9d
Author: Karl Tomlinson <karlt+@xxxxxxxxx>
AuthorDate: Wed Aug 24 01:55:02 2022 +0000

    Bug 1781063 don't use tainting for cross-origin check on document media resource loads r=chunmin a=RyanVM
    
    When the media resource is loaded as a document, the response from the initial
    document load gets reused, as an optimization, as an emulated load for the
    resource of the media host element in the generated HTML document.
    https://searchfox.org/mozilla-central/rev/5644fae86d5122519a0e34ee03117c88c6ed9b47/dom/html/VideoDocument.cpp#114
    https://html.spec.whatwg.org/multipage/browsing-the-web.html#read-media
    
    Depends on D154041
    
    Differential Revision: https://phabricator.services.mozilla.com/D154042
---
 dom/media/ChannelMediaResource.cpp | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/dom/media/ChannelMediaResource.cpp b/dom/media/ChannelMediaResource.cpp
index e0a44ab805d52..1bff255343ef1 100644
--- a/dom/media/ChannelMediaResource.cpp
+++ b/dom/media/ChannelMediaResource.cpp
@@ -814,14 +814,27 @@ void ChannelMediaResource::UpdatePrincipal() {
         mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
             mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
         "no-cors request");
+    MOZ_ASSERT(!hadData || !mChannel->IsDocument(),
+               "Only the initial load may be a document load");
     bool finalResponseIsOpaque =
-        // GetChannelResultPrincipal() returns the original request URL for
-        // null-origin Responses from ServiceWorker, in which case the URL
-        // does not indicate the real source of data.  Such null-origin
-        // Responses have Basic LoadTainting.  CORS filtered Responses from
-        // ServiceWorker also cannot be mixed with no-cors cross-origin
-        // responses.
-        loadInfo->GetTainting() == LoadTainting::Opaque &&
+        // NS_GetFinalChannelURI() and GetChannelResultPrincipal() return the
+        // original request URI for null-origin Responses from ServiceWorker,
+        // in which case the URI does not necessarily indicate the real source
+        // of data.  Such null-origin Responses have Basic LoadTainting, and
+        // so can be distinguished from true cross-origin responses when the
+        // channel is not a document load.
+        //
+        // When the channel is a document load, LoadTainting indicates opacity
+        // wrt the parent document and so does not indicate whether the
+        // response is cross-origin wrt to the media element.  However,
+        // ServiceWorkers for document loads are always same-origin with the
+        // channel URI and so there is no need to distinguish null-origin
+        // ServiceWorker responses to document loads.
+        //
+        // CORS filtered Responses from ServiceWorker also cannot be mixed
+        // with no-cors cross-origin responses.
+        (mChannel->IsDocument() ||
+         loadInfo->GetTainting() == LoadTainting::Opaque) &&
         // Although intermediate cross-origin redirects back to URIs with
         // loadingPrincipal will have LoadTainting::Opaque and will taint the
         // media element, they are not considered opaque when verifying

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor-browser] branch geckoview-102.3.0esr-12.0-1 created (now f76d47caa2328)
  - From: gitolite role via tor-commits

Prev by Author: [tor-commits] [tor-browser] 51/76: Bug 26961: New user onboarding.
Next by Author: [tor-commits] [tor-browser] 43/73: Bug 1777604 - wasm: Perform a pipeline flush while creating a module object. r=nbp, a=RyanVM
Previous by thread: [tor-commits] [tor-browser] 37/73: Bug 1768671 - force append '.pdf' for pdf blob downloads displayed inline if it's missing, r=marco a=RyanVM
Next by thread: [tor-commits] [tor-browser] 31/73: Bug 1781759 Test cross origin load of media document in parts r=chunmin a=RyanVM
Index(es):
- Author
- Thread