Bug 99037

Summary:

[GStreamer] No CORS support for media elements

Product:

WebKit

Reporter:

Zan Dobersek <zan>

Component:

WebKitGTK

Assignee:

youenn fablet <youennf>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

agomez, bunhere, calvaris, cdumez, cgarcia, commit-queue, eric.carlson, glenn, gustavo, gyuyoung.kim, jer.noble, jinwoo7.song, menard, mrobinson, philipj, pnormand, sergio, vjaquez, youennf

Priority:

Keywords:

Gtk, LayoutTestFailure

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

131516

Bug Blocks:

Attachments:

Description	Flags
Patch	none
Patch	none
Disable access to CORS failing streams when crossOrigin attribute is set	none
fixed nullptr style issue	none
Updating after second reviews	none
Fixing crashes	none

Zan Dobersek

Reported 2012-10-11 06:06:51 PDT

There is currently no support for media elements in non-Chromium ports. This bug covers adding this for the GTK port. Covered by http/tests/security/video-cross-origin-readback.html.

Attachments
Patch (13.72 KB, patch) 2014-03-18 04:06 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Patch (13.66 KB, patch) 2014-03-18 08:14 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Disable access to CORS failing streams when crossOrigin attribute is set (19.71 KB, patch) 2014-03-20 02:05 PDT, youenn fablet	no flags	Details Formatted Diff Diff
fixed nullptr style issue (20.32 KB, patch) 2014-03-20 04:12 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Updating after second reviews (20.33 KB, patch) 2014-04-10 07:23 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Fixing crashes (20.36 KB, patch) 2014-04-11 06:04 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.

youenn fablet

Comment 1 2014-03-18 04:06:59 PDT

Created attachment 227027 [details] Patch

WebKit Commit Bot

Comment 2 2014-03-18 04:08:19 PDT

Attachment 227027 [details] did not pass style-queue: ERROR: Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:40: Alphabetical sorting problem. [build/include_order] [4] ERROR: Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:1026: Use 0 instead of NULL. [readability/null] [5] Total errors found: 2 in 8 files If any of these errors are false positives, please file a bug against check-webkit-style.

Philippe Normand

Comment 3 2014-03-18 04:23:12 PDT

Nice patch! Is the test also failing on EFL? I suppose it can also be unskipped for that port.

Jinwoo Song

Comment 4 2014-03-18 04:45:14 PDT

(In reply to comment #3) > Nice patch! Is the test also failing on EFL? I suppose it can also be unskipped for that port. Yes, EFL port may unskip the test case with this patch!

Xabier Rodríguez Calvar

Comment 5 2014-03-18 04:53:58 PDT

Comment on attachment 227027 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=227027&action=review > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:456 > + priv->passedCORSChecks = FALSE; Should be false?

youenn fablet

Comment 6 2014-03-18 06:00:04 PDT

(In reply to comment #4) > (In reply to comment #3) > > Nice patch! Is the test also failing on EFL? I suppose it can also be unskipped for that port. > > Yes, EFL port may unskip the test case with this patch! I will unskip it and test EFL accordingly

youenn fablet

Comment 7 2014-03-18 06:09:55 PDT

(In reply to comment #6) > (In reply to comment #4) > > (In reply to comment #3) > > > Nice patch! Is the test also failing on EFL? I suppose it can also be unskipped for that port. > > > > Yes, EFL port may unskip the test case with this patch! > > I will unskip it and test EFL accordingly (In reply to comment #5) > (From update of attachment 227027 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=227027&action=review > > > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:456 > > + priv->passedCORSChecks = FALSE; > > Should be false? I do not precisely know the expected coding rule. passedCORSChecks is currently defined as a gboolean, hence FALSE. But bool/false is fine by me if that is the preferred way.

Philippe Normand

Comment 8 2014-03-18 06:33:11 PDT

We indeed usually prefer non-GLib types wherever possible.

Martin Robinson

Comment 9 2014-03-18 06:44:40 PDT

Comment on attachment 227027 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=227027&action=review Nice fix. Some style nits: > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:62 > + void handleResponseReceived(const ResourceResponse&, bool); You should use an enum for this parameter. > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:140 > + gboolean passedCORSChecks; bool is the right type here. > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:1020 > + RequestOriginPolicy corsPolicy = (corsMode != MediaPlayerClient::Unspecified) ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType; > + StoredCredentials allowCredentials = (corsMode == MediaPlayerClient::UseCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; Nit: the parenthesis are unnecessary here. > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:1026 > + m_origin = resourceLoader->document() ? resourceLoader->document()->securityOrigin() : NULL; You should use nullptr instead of NULL.

Eric Carlson

Comment 10 2014-03-18 07:22:54 PDT

Comment on attachment 227027 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=227027&action=review > Source/WebCore/platform/graphics/MediaPlayer.cpp:1230 > +Document* MediaPlayer::document() > +{ > + if (!m_mediaPlayerClient) > + return 0; > + > + return m_mediaPlayerClient->mediaPlayerOwningDocument(); > +} This is a layering violation, but it doesn't look like it is used. Why is this necessary?

youenn fablet

Comment 11 2014-03-18 07:28:14 PDT

(In reply to comment #10) > (From update of attachment 227027 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=227027&action=review > > > Source/WebCore/platform/graphics/MediaPlayer.cpp:1230 > > +Document* MediaPlayer::document() > > +{ > > + if (!m_mediaPlayerClient) > > + return 0; > > + > > + return m_mediaPlayerClient->mediaPlayerOwningDocument(); > > +} > > This is a layering violation, but it doesn't look like it is used. Why is this necessary? The goal is to get the SecurityOrigin and check CORS against it. Would it be better to add a SecurityOrigin getter instead?

youenn fablet

Comment 12 2014-03-18 07:30:54 PDT

(In reply to comment #11) > (In reply to comment #10) > > (From update of attachment 227027 [details] [details]) > > View in context: https://bugs.webkit.org/attachment.cgi?id=227027&action=review > > > > > Source/WebCore/platform/graphics/MediaPlayer.cpp:1230 > > > +Document* MediaPlayer::document() > > > +{ > > > + if (!m_mediaPlayerClient) > > > + return 0; > > > + > > > + return m_mediaPlayerClient->mediaPlayerOwningDocument(); > > > +} > > > > This is a layering violation, but it doesn't look like it is used. Why is this necessary? > > The goal is to get the SecurityOrigin and check CORS against it. > Would it be better to add a SecurityOrigin getter instead? Woups, I was too quick... Right, this function is no longer used. The security origin is retrieved from CachedResourceLoader->document(). I will remove this function

youenn fablet

Comment 13 2014-03-18 08:14:23 PDT

Created attachment 227051 [details] Patch Fixed style issues, removed MediaPlayer::document(), Updated EFL TestExpectations

youenn fablet

Comment 14 2014-03-20 02:05:22 PDT

Created attachment 227274 [details] Disable access to CORS failing streams when crossOrigin attribute is set

youenn fablet

Comment 15 2014-03-20 02:17:46 PDT

Last uploaded patch ensures that a stream that fails COR check is not played at all when crossOrigin attribute is set. This is consistent with other loaders. It seems to me though that these checks should best be handled at ResourceLoader level in the future. That would allow to put in common all these CORS checks that already appear at various places in WebKit. That would simplify future support of CORS in other places, like in the Mac counterpart of GStreamer.

Xabier Rodríguez Calvar

Comment 16 2014-03-20 02:55:28 PDT

Comment on attachment 227274 [details] Disable access to CORS failing streams when crossOrigin attribute is set View in context: https://bugs.webkit.org/attachment.cgi?id=227274&action=review > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:843 > + GST_ELEMENT_ERROR(src, RESOURCE, READ, ("%s", "Cross-origin stream load denied by Cross-Origin Resource Sharing policy."), (0)); > + else > + GST_ELEMENT_ERROR(src, RESOURCE, READ, ("Received %d HTTP error code", response.httpStatusCode()), (0)); (0) -> (nullptr)

youenn fablet

Comment 17 2014-03-20 04:12:19 PDT

Created attachment 227281 [details] fixed nullptr style issue

youenn fablet

Comment 18 2014-04-09 06:49:27 PDT

Is there any other improvement I should bring to the patch?

Xabier Rodríguez Calvar

Comment 19 2014-04-09 07:43:59 PDT

Comment on attachment 227281 [details] fixed nullptr style issue View in context: https://bugs.webkit.org/attachment.cgi?id=227281&action=review Again my informal review: I have only some nits in the changelogs that you can fix when just before landing. Anyway as I am not reviewer, somebody should do a proper one and r+. > Source/WebCore/ChangeLog:27 > + Related test is http/tests/security/video-cross-origin-readback.html > + Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set. > + Related test is http/tests/security/video-cross-origin-accessfailure.html > + > + Tests: http/tests/security/video-cross-origin-accessfailure.html > + http/tests/security/video-cross-origin-accesssameorigin.html > + > + * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: > + (WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer > + * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration > + * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: > + (webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading > + (webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful. > + (StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result > + (CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode > + (CachedResourceStreamingClient::responseReceived): Check CORS > + (ResourceHandleStreamingClient::didReceiveResponse): No CORS check > + * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration Nit: at the end of some sentences there is a missing ".". I say it because of coherence. > LayoutTests/ChangeLog:17 > + * platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html Nit: Missing . > LayoutTests/ChangeLog:18 > + * platform/gtk/TestExpectations: ditto Nit: "Ditto." > LayoutTests/ChangeLog:19 > + * platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html Nit: Missing .

youenn fablet

Comment 20 2014-04-09 07:50:54 PDT

(In reply to comment #19) > (From update of attachment 227281 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=227281&action=review > > Again my informal review: I have only some nits in the changelogs that you can fix when just before landing. Anyway as I am not reviewer, somebody should do a proper one and r+. Thanks for the review. I will update the patch accordingly, then set r? and cq?.

Xabier Rodríguez Calvar

Comment 21 2014-04-09 08:56:47 PDT

(In reply to comment #20) > Thanks for the review. > I will update the patch accordingly, then set r? and cq?. Eric, Martin or Phil, who had commented on this, could do it.

Philippe Normand

Comment 22 2014-04-09 23:28:05 PDT

Comment on attachment 227281 [details] fixed nullptr style issue View in context: https://bugs.webkit.org/attachment.cgi?id=227281&action=review Looks quite good, thanks! We just need a final iteration I think :) > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:841 > + GST_ELEMENT_ERROR(src, RESOURCE, READ, ("%s", "Cross-origin stream load denied by Cross-Origin Resource Sharing policy."), (nullptr)); What is the %s for there? > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:1040 > + // FIXME: In case of PotentiallyCrossOriginEnabled policy, preflight mode should sometimes be used (not simple request headers). > + // But CachedResourceLoader does not support it. Use DocumentThreadableLoader instead? Can you please file a new bug for this and mention it in the comment?

youenn fablet

Comment 23 2014-04-10 01:26:48 PDT

(In reply to comment #22) > (From update of attachment 227281 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=227281&action=review > > Looks quite good, thanks! We just need a final iteration I think :) > > > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:841 > > + GST_ELEMENT_ERROR(src, RESOURCE, READ, ("%s", "Cross-origin stream load denied by Cross-Origin Resource Sharing policy."), (nullptr)); > > What is the %s for there? > > > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:1040 > > + // FIXME: In case of PotentiallyCrossOriginEnabled policy, preflight mode should sometimes be used (not simple request headers). > > + // But CachedResourceLoader does not support it. Use DocumentThreadableLoader instead? > > Can you please file a new bug for this and mention it in the comment? I filed bug 131484. Checking what others are doing, Blink decided to not use preflight (https://code.google.com/p/chromium/issues/detail?id=173727), which seems to make sense. I have not found information for Mozilla.

youenn fablet

Comment 24 2014-04-10 07:23:12 PDT

Created attachment 229048 [details] Updating after second reviews

WebKit Commit Bot

Comment 25 2014-04-10 08:46:36 PDT

Comment on attachment 229048 [details] Updating after second reviews Clearing flags on attachment: 229048 Committed r167073: <http://trac.webkit.org/changeset/167073>

WebKit Commit Bot

Comment 26 2014-04-10 08:46:45 PDT

All reviewed patches have been landed. Closing bug.

WebKit Commit Bot

Comment 27 2014-04-10 17:26:06 PDT

Re-opened since this is blocked by bug 131516

Martin Robinson

Comment 28 2014-04-10 18:02:46 PDT

Tests that crashed (5): flag all +media/video-canvas-drawing.html +media/video-canvas-drawing-output.html +media/W3C/audio/paused/paused_false_during_play.html +media/video-canvas-source.html +media/video-canvas-alpha.html

youenn fablet

Comment 29 2014-04-11 00:06:13 PDT

(In reply to comment #28) > Tests that crashed (5): flag all > > +media/video-canvas-drawing.html > +media/video-canvas-drawing-output.html > +media/W3C/audio/paused/paused_false_during_play.html > +media/video-canvas-source.html > +media/video-canvas-alpha.html Thanks for unrolling the patch. For those 5 tests, WebKitWebSrc->priv is null when calling webKitSrcPassedCORSAccessCheck, leading to the crashes. When running equivalent tests served through http, everything is fine.

Philippe Normand

Comment 30 2014-04-11 05:44:50 PDT

Will you provide an updated patch Youenn?

youenn fablet

Comment 31 2014-04-11 06:04:38 PDT

Created attachment 229130 [details] Fixing crashes

youenn fablet

Comment 32 2014-04-11 06:07:48 PDT

(In reply to comment #30) > Will you provide an updated patch Youenn? Patch is uploaded, which fixes MediaPlayerPrivateGStreamer::didPassCORSAccessCheck(). It is working fine with EFL-WK1 but I have a problem with my set-up and cannot test it right now for GTK-WK2. Once double checked, I will put it on review.

Philippe Normand

Comment 33 2014-04-11 06:15:17 PDT

Awesome thank for the follow-up :)

youenn fablet

Comment 34 2014-04-13 00:15:17 PDT

(In reply to comment #31) > Created an attachment (id=229130) [details] > Fixing crashes The identified crashes are gone with the latest patch on GTK-WK2.

Xabier Rodríguez Calvar

Comment 35 2014-04-13 00:29:48 PDT

(In reply to comment #34) > (In reply to comment #31) > > Created an attachment (id=229130) [details] [details] > > Fixing crashes > > The identified crashes are gone with the latest patch on GTK-WK2. Probably bug 131488.

WebKit Commit Bot

Comment 36 2014-04-13 02:33:57 PDT

Comment on attachment 229130 [details] Fixing crashes Clearing flags on attachment: 229130 Committed r167193: <http://trac.webkit.org/changeset/167193>

WebKit Commit Bot

Comment 37 2014-04-13 02:34:07 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.