Summary: | [Mac] CORS-compliant videos throw security errors when painting to Canvas | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Jer Noble <jer.noble> | ||||||||
Component: | New Bugs | Assignee: | Jer Noble <jer.noble> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | Normal | CC: | commit-queue | ||||||||
Priority: | P2 | ||||||||||
Version: | WebKit Nightly Build | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Attachments: |
|
Description
Jer Noble
2016-02-12 12:57:03 PST
Created attachment 271224 [details]
Patch
Comment on attachment 271224 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=271224&action=review > Source/WebCore/ChangeLog:4 > + [Mac] CORS-compliant videos throw security errors when painting to Canvas > + https://bugs.webkit.org/show_bug.cgi?id=154188 Please include the Radar number for posterity. > Source/WebCore/ChangeLog:9 > + Reviewed by NOBODY (OOPS!). > + > + Pass the CORS access check results from WebCoreNSURLSession to it's client, > + MediaPlayerPrivateAVFoundationObjC. This should really have a test. > Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.h:52 > + Unknown, Nit: Instead of including this unused value, can you make "Fail" zero? Comment on attachment 271224 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=271224&action=review >> Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.h:52 >> + Unknown, > > Nit: Instead of including this unused value, can you make "Fail" zero? This value is used, right? Could you explicitly initialize the value to Unknown? > Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm:167 > + return _corsResults == WebCoreNSURLSessionCORSAccessCheckResults::Pass; ASSERT(_corsResults != WebCoreNSURLSessionCORSAccessCheckResults::Fail) before this. (In reply to comment #2) > Comment on attachment 271224 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=271224&action=review > > > Source/WebCore/ChangeLog:4 > > + [Mac] CORS-compliant videos throw security errors when painting to Canvas > > + https://bugs.webkit.org/show_bug.cgi?id=154188 > > Please include the Radar number for posterity. Ok. > > Source/WebCore/ChangeLog:9 > > + Reviewed by NOBODY (OOPS!). > > + > > + Pass the CORS access check results from WebCoreNSURLSession to it's client, > > + MediaPlayerPrivateAVFoundationObjC. > > This should really have a test. Technically, there already are three tests in http/tests/security. We can't enable them because there are platform requirements to enable this feature. > > Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.h:52 > > + Unknown, > > Nit: Instead of including this unused value, can you make "Fail" zero? See below. (In reply to comment #3) > Comment on attachment 271224 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=271224&action=review > > >> Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.h:52 > >> + Unknown, > > > > Nit: Instead of including this unused value, can you make "Fail" zero? > > This value is used, right? Could you explicitly initialize the value to > Unknown? Yes. > > Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm:167 > > + return _corsResults == WebCoreNSURLSessionCORSAccessCheckResults::Pass; > > ASSERT(_corsResults != WebCoreNSURLSessionCORSAccessCheckResults::Fail) > before this. Ok. Enabling tests are covered by <https://bugs.webkit.org/show_bug.cgi?id=154462>. Created attachment 271763 [details]
Patch
Attachment 271763 [details] did not pass style-queue:
ERROR: Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm:522: Place brace on its own line for function definitions. [whitespace/braces] [4]
Total errors found: 1 in 5 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 271767 [details]
Patch
Attachment 271767 [details] did not pass style-queue:
ERROR: Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm:524: Place brace on its own line for function definitions. [whitespace/braces] [4]
Total errors found: 1 in 5 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 271767 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=271767&action=review > Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:2168 > +#if PLATFORM(IOS) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100 Should this be strictly greater than? Committed r196827: <http://trac.webkit.org/changeset/196827> |