Issue 16327002: android: Implement single origin and CORS check for video

Issue 16327002: android: Implement single origin and CORS check for video (Closed)

Created:
7 years, 6 months ago by Sami

Modified:
7 years, 6 months ago

Reviewers:
Ken Russell (switch to Gerrit), vrk (LEFT CHROMIUM), piman, acolwell GONE FROM CHROMIUM, qinmin, Alexei Svitkine (slow), DaleCurtis, ddorwin, scherkus (not reviewing)

CC:
chromium-reviews, feature-media-reviews_chromium.org, darin-cc_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

android: Implement single origin and CORS check for video This patch implements hasSingleSecurityOrigin and didPassCORSAccessCheck for the Android media player. Since we cannot query this information directly from the native media player, we use a dedicated resource loader to track redirects and perform the CORS access check. The native media player is only started after this process has completed. The new MediaInfoLoader class is based on BufferedResourceLoader. The info loading request is started in parallel to the media player, and the DOM ready state is updated only once the info loader has completed and the player has provided video metadata. BUG=234710 TEST=https://www.khronos.org/registry/webgl/conformance-suites/1.0.1/conformance/textures/tex-image-and-sub-image-2d-with-video.html Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=205853

Patch Set 1 #

Patch Set 2 : Added tests. #

Total comments: 11

Patch Set 3 : Rebased. #

Patch Set 4 : No CORS/redirect check when using media source. #

Total comments: 1

Patch Set 5 : No need to do anything in destructor. #

Total comments: 2

Patch Set 6 : Rebased. Same origin = true for media streams. #

Total comments: 14

Patch Set 7 : Rebased again. #

Total comments: 2

Patch Set 8 : Address feedback. Add UMA stat. #

Patch Set 9 : Fetch media info in parallel. #

Total comments: 6

Patch Set 10 : Address nits. #

Created: 7 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+566 lines, -9 lines)			Patch
M	content/content_tests.gypi	View	1 2 3 4 5 6 7 8 9	1 chunk	+1 line, -0 lines	0 comments	Download
M	tools/metrics/histograms/histograms.xml	View	1 2 3 4 5 6 7 8 9	1 chunk	+7 lines, -0 lines	0 comments	Download
M	webkit/renderer/media/android/webmediaplayer_android.h	View	1 2 3 4 5 6 7 8 9	4 chunks	+8 lines, -0 lines	0 comments	Download
M	webkit/renderer/media/android/webmediaplayer_android.cc	View	1 2 3 4 5 6 7 8 9	7 chunks	+41 lines, -9 lines	0 comments	Download
A	webkit/renderer/media/media_info_loader.h	View	1 2 3 4 5 6 7	1 chunk	+122 lines, -0 lines	0 comments	Download
A	webkit/renderer/media/media_info_loader.cc	View	1 2 3 4 5 6 7 8 9	1 chunk	+185 lines, -0 lines	0 comments	Download
A	webkit/renderer/media/media_info_loader_unittest.cc	View	1 2 3 4 5 6 7	1 chunk	+200 lines, -0 lines	0 comments	Download
M	webkit/renderer/media/webkit_media.gypi	View	1 2 3 4 5 6 7	1 chunk	+2 lines, -0 lines	0 comments	Download

Messages

Total messages: 32 (0 generated)

Expand Messages | Collapse Messages

Sami

Hi Min. Here's code to do same-origin and CORS checks for media streams. PTAL.

7 years, 6 months ago (2013-06-03 15:53:20 UTC) #1

qinmin

https://codereview.chromium.org/16327002/diff/1001/webkit/media/android/media_info_loader_android.h File webkit/media/android/media_info_loader_android.h (right): https://codereview.chromium.org/16327002/diff/1001/webkit/media/android/media_info_loader_android.h#newcode54 webkit/media/android/media_info_loader_android.h:54: virtual ~MediaInfoLoaderAndroid(); does this needs to be virtual？ https://codereview.chromium.org/16327002/diff/1001/webkit/media/android/webmediaplayer_android.cc ...

7 years, 6 months ago (2013-06-03 16:55:59 UTC) #2

scherkus (not reviewing)

https://codereview.chromium.org/16327002/diff/1001/webkit/media/android/media_info_loader_android.cc File webkit/media/android/media_info_loader_android.cc (right): https://codereview.chromium.org/16327002/diff/1001/webkit/media/android/media_info_loader_android.cc#newcode126 webkit/media/android/media_info_loader_android.cc:126: // Ignored. so if this was a 100MB media ...

7 years, 6 months ago (2013-06-03 16:57:04 UTC) #3

Sami

7 years, 6 months ago (2013-06-03 17:12:56 UTC) #4

scherkus (not reviewing)

7 years, 6 months ago (2013-06-03 17:37:39 UTC) #5

qinmin

lgtm % nits https://codereview.chromium.org/16327002/diff/2008/webkit/renderer/media/android/media_info_loader_android.cc File webkit/renderer/media/android/media_info_loader_android.cc (right): https://codereview.chromium.org/16327002/diff/2008/webkit/renderer/media/android/media_info_loader_android.cc#newcode37 webkit/renderer/media/android/media_info_loader_android.cc:37: active_loader_.reset(); nit: is there any benefit ...

7 years, 6 months ago (2013-06-04 02:43:27 UTC) #6

Sami

> https://codereview.chromium.org/16327002/diff/2008/webkit/renderer/media/android/media_info_loader_android.cc#newcode37 > webkit/renderer/media/android/media_info_loader_android.cc:37: > active_loader_.reset(); > nit: is there any benefit of doing this? ...

7 years, 6 months ago (2013-06-04 11:08:22 UTC) #7

Ken Russell (switch to Gerrit)

This looks excellent; one question. https://codereview.chromium.org/16327002/diff/12001/webkit/renderer/media/android/webmediaplayer_android.cc File webkit/renderer/media/android/webmediaplayer_android.cc (right): https://codereview.chromium.org/16327002/diff/12001/webkit/renderer/media/android/webmediaplayer_android.cc#newcode369 webkit/renderer/media/android/webmediaplayer_android.cc:369: return false; Should this ...

7 years, 6 months ago (2013-06-05 18:33:50 UTC) #9

Sami

Thanks Ken. scherkus@, piman@, any thouhts? https://codereview.chromium.org/16327002/diff/12001/webkit/renderer/media/android/webmediaplayer_android.cc File webkit/renderer/media/android/webmediaplayer_android.cc (right): https://codereview.chromium.org/16327002/diff/12001/webkit/renderer/media/android/webmediaplayer_android.cc#newcode369 webkit/renderer/media/android/webmediaplayer_android.cc:369: return false; On ...

7 years, 6 months ago (2013-06-06 12:29:48 UTC) #10

Sami

Added some owners for webkit/renderer/media/webkit_media.gypi. PTAL.

7 years, 6 months ago (2013-06-06 16:55:46 UTC) #12

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/[email protected]/16327002/18001

7 years, 6 months ago (2013-06-10 18:35:20 UTC) #16

commit-bot: I haz the power

Failed to apply patch for webkit/renderer/media/android/webmediaplayer_android.cc: While running patch -p1 --forward --force --no-backup-if-mismatch; patching file ...

7 years, 6 months ago (2013-06-10 18:35:22 UTC) #17

Failed to apply patch for
webkit/renderer/media/android/webmediaplayer_android.cc:
While running patch -p1 --forward --force --no-backup-if-mismatch;
  patching file webkit/renderer/media/android/webmediaplayer_android.cc
  Hunk #1 succeeded at 150 (offset 2 lines).
  Hunk #2 FAILED at 183.
  Hunk #3 succeeded at 372 (offset -32 lines).
  1 out of 3 hunks FAILED -- saving rejects to file
webkit/renderer/media/android/webmediaplayer_android.cc.rej

Patch:       webkit/renderer/media/android/webmediaplayer_android.cc
Index: webkit/renderer/media/android/webmediaplayer_android.cc
diff --git a/webkit/renderer/media/android/webmediaplayer_android.cc
b/webkit/renderer/media/android/webmediaplayer_android.cc
index
17017dbbb4c8ecc8cb26acfbb4dded33712d6f97..91c142df9f724b711563cbd403f491205a1a845b
100644
--- a/webkit/renderer/media/android/webmediaplayer_android.cc
+++ b/webkit/renderer/media/android/webmediaplayer_android.cc
@@ -148,11 +148,9 @@ void WebMediaPlayerAndroid::load(const WebURL& url,
CORSMode cors_mode) {
 void WebMediaPlayerAndroid::load(const WebURL& url,
                                  WebMediaSource* media_source,
                                  CORSMode cors_mode) {
-  if (cors_mode != CORSModeUnspecified)
-    NOTIMPLEMENTED() << "No CORS support";
-
   MediaPlayerAndroid::SourceType source_type =
       MediaPlayerAndroid::SOURCE_TYPE_URL;
+  url_ = url;
 
   if (media_source)
     source_type = MediaPlayerAndroid::SOURCE_TYPE_MSE;
@@ -185,28 +183,43 @@ void WebMediaPlayerAndroid::load(const WebURL& url,
         audio_renderer_->Start();
     }
 #endif
+    InitializeMediaPlayer(source_type);
+  } else {
+    info_loader_.reset(
+        new MediaInfoLoaderAndroid(
+            url_,
+            cors_mode,
+            base::Bind(&WebMediaPlayerAndroid::DidLoadMediaInfo,
+                       base::Unretained(this))));
+    info_loader_->Start(frame_);
+  }
+  UpdateNetworkState(WebMediaPlayer::NetworkStateLoading);
+  UpdateReadyState(WebMediaPlayer::ReadyStateHaveNothing);
+}
+
+void WebMediaPlayerAndroid::DidLoadMediaInfo(
+    MediaInfoLoaderAndroid::Status status) {
+  DCHECK(!media_source_delegate_);
+  if (status == MediaInfoLoaderAndroid::kFailed) {
+    info_loader_.reset();
+    return;
   }
 
-  InitializeMediaPlayer(url, source_type);
+  InitializeMediaPlayer(MediaPlayerAndroid::SOURCE_TYPE_URL);
 }
 
 void WebMediaPlayerAndroid::InitializeMediaPlayer(
-    const WebURL& url,
     MediaPlayerAndroid::SourceType source_type) {
-  url_ = url;
   GURL first_party_url = frame_->document().firstPartyForCookies();
   if (proxy_) {
-    proxy_->Initialize(player_id_, url, source_type, first_party_url);
+    proxy_->Initialize(player_id_, url_, source_type, first_party_url);
     if (manager_->IsInFullscreen(frame_))
       proxy_->EnterFullscreen(player_id_);
   }
-
-  UpdateNetworkState(WebMediaPlayer::NetworkStateLoading);
-  UpdateReadyState(WebMediaPlayer::ReadyStateHaveNothing);
 }
 
 void WebMediaPlayerAndroid::cancelLoad() {
-  NOTIMPLEMENTED();
+  info_loader_.reset();
 }
 
 void WebMediaPlayerAndroid::play() {
@@ -406,14 +419,14 @@ bool
WebMediaPlayerAndroid::copyVideoTextureToPlatformTexture(
 }
 
 bool WebMediaPlayerAndroid::hasSingleSecurityOrigin() const {
-  // TODO(qinmin): fix this for urls that are not file.
-  // https://code.google.com/p/chromium/issues/detail?id=234710
-  if (url_.SchemeIsFile())
-    return true;
-  return false;
+  if (info_loader_)
+    return info_loader_->HasSingleOrigin();
+  return true;
 }
 
 bool WebMediaPlayerAndroid::didPassCORSAccessCheck() const {
+  if (info_loader_)
+    return info_loader_->DidPassCORSAccessCheck();
   return false;
 }

vrk (LEFT CHROMIUM)

Gah I'm so sorry; I didn't realize that scherkus had unanswered concerns earlier in the ...

7 years, 6 months ago (2013-06-10 18:54:05 UTC) #18

vrk (LEFT CHROMIUM)

On 2013/06/10 18:54:05, Victoria Kirst wrote: > Gah I'm so sorry; I didn't realize that ...

7 years, 6 months ago (2013-06-10 18:55:14 UTC) #19

acolwell GONE FROM CHROMIUM

https://codereview.chromium.org/16327002/diff/18001/webkit/renderer/media/android/media_info_loader_android.cc File webkit/renderer/media/android/media_info_loader_android.cc (right): https://codereview.chromium.org/16327002/diff/18001/webkit/renderer/media/android/media_info_loader_android.cc#newcode112 webkit/renderer/media/android/media_info_loader_android.cc:112: } else { nit: drop else and early return ...

7 years, 6 months ago (2013-06-10 19:17:32 UTC) #20

scherkus (not reviewing)

I'm not comfortable landing this patch w/o any way of knowing what the impact will ...

7 years, 6 months ago (2013-06-11 02:19:34 UTC) #21

Sami

7 years, 6 months ago (2013-06-11 13:51:24 UTC) #22

Sami

On 2013/06/11 02:19:34, scherkus wrote: > I'm not comfortable landing this patch w/o any way ...

7 years, 6 months ago (2013-06-11 14:14:01 UTC) #23

Sami

With the hopes of addressing the extra http request delay concerns, I've uploaded a patch ...

7 years, 6 months ago (2013-06-11 17:29:26 UTC) #24

qinmin

On 2013/06/11 17:29:26, Sami wrote: > With the hopes of addressing the extra http request ...

7 years, 6 months ago (2013-06-11 17:54:20 UTC) #25

Ken Russell (switch to Gerrit)

LGTM again assuming it still passes the WebGL video conformance tests.

7 years, 6 months ago (2013-06-11 20:11:45 UTC) #26

scherkus (not reviewing)

don't forget to update the CL description based on new implementation lgtm w/ nits https://codereview.chromium.org/16327002/diff/49001/webkit/renderer/media/android/webmediaplayer_android.cc ...

7 years, 6 months ago (2013-06-12 01:37:58 UTC) #27

Sami

Thanks all, all nits addressed (and the WebGL test still passes). https://codereview.chromium.org/16327002/diff/49001/webkit/renderer/media/android/webmediaplayer_android.cc File webkit/renderer/media/android/webmediaplayer_android.cc (right): ...

7 years, 6 months ago (2013-06-12 13:59:30 UTC) #28

Sami

Adding +asvitkine@ for tools/metrics/histograms/histograms.xml, thanks!

7 years, 6 months ago (2013-06-12 14:01:14 UTC) #29

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/[email protected]/16327002/58001

7 years, 6 months ago (2013-06-12 14:54:15 UTC) #31

Message was sent while issue was closed.

Change committed as 205853

Expand Messages | Collapse Messages