Reviewed by Darin Adler.
Video fails to play on Vimeo
https://bugs.webkit.org/show_bug.cgi?id=61403
No new tests; Covered by media/video-canvas-source.html.
Vimeo redirects their assets from player.vimeo.com to av.vimeo.com, which is rejected
by AVFoundation and QTKit due to our setting a ForbidCrossSiteReference option when
creating an AVAsset or QTMovie. Instead, we should just reject local->remote and
remote->local and make our answer to hasSingleSecurityOrigin dynamic.
When checking whether a given request has a single security origin, use a
SecurityOrigin to check the host, port, and scheme.
* WebCore.exp.in:
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
(WebCore::MediaPlayerPrivateAVFoundation::assetURL): Added.
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Exchange ForbidCrossSiteReference
for ForbidRemoteReferenceToLocal and ForbidLocalReferenceToRemote
(WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin): Check to see that the
requested and resolved URLs have the same host and port.
* platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
(WebCore::MediaPlayerPrivateQTKit::commonMovieAttributes): Exchange NoCrossSiteAttribute for
NoRemoteToLocalSiteAttribute and NoLocalToRemoteSiteAttribute.
(WebCore::MediaPlayerPrivateQTKit::hasSingleSecurityOrigin): Check to see that the
requested and resolved URLs have the same host and port.
* platform/mac/WebCoreSystemInterface.h: Added wkAVAssetResolvedURL.
* platform/mac/WebCoreSystemInterface.mm: Ditto.
2011-05-24 Jer Noble <jer.noble@apple.com>
Reviewed by Darin Adler.
Video fails to play on Vimeo
https://bugs.webkit.org/show_bug.cgi?id=61403
* WebCoreSupport/WebSystemInterface.mm:
(InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
wkQTMovieResolvedURL.
2011-05-24 Jer Noble <jer.noble@apple.com>
Reviewed by Darin Adler.
Video fails to play on Vimeo
https://bugs.webkit.org/show_bug.cgi?id=61403
* WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:
(InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
wkQTMovieResolvedURL.
2011-05-25 Jer Noble <jer.noble@apple.com>
Reviewed by Darin Adler.
Video fails to play on Vimeo
https://bugs.webkit.org/show_bug.cgi?id=61403
Added functions to retrieve the resolved URL for media types supported on
mac.
* WebKitSystemInterface.h:
* WebKitSystemInterface.m:
(WKAVAssetResolvedURL): Added.
(WKQTMovieResolvedURL): Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87328
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2011-05-24 Jer Noble <jer.noble@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Video fails to play on Vimeo
+ https://bugs.webkit.org/show_bug.cgi?id=61403
+
+ No new tests; Covered by media/video-canvas-source.html.
+
+ Vimeo redirects their assets from player.vimeo.com to av.vimeo.com, which is rejected
+ by AVFoundation and QTKit due to our setting a ForbidCrossSiteReference option when
+ creating an AVAsset or QTMovie. Instead, we should just reject local->remote and
+ remote->local and make our answer to hasSingleSecurityOrigin dynamic.
+
+ When checking whether a given request has a single security origin, use a
+ SecurityOrigin to check the host, port, and scheme.
+
+ * WebCore.exp.in:
+ * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
+ (WebCore::MediaPlayerPrivateAVFoundation::assetURL): Added.
+ * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.h:
+ * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm:
+ (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Exchange ForbidCrossSiteReference
+ for ForbidRemoteReferenceToLocal and ForbidLocalReferenceToRemote
+ (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin): Check to see that the
+ requested and resolved URLs have the same host and port.
+ * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
+ (WebCore::MediaPlayerPrivateQTKit::commonMovieAttributes): Exchange NoCrossSiteAttribute for
+ NoRemoteToLocalSiteAttribute and NoLocalToRemoteSiteAttribute.
+ (WebCore::MediaPlayerPrivateQTKit::hasSingleSecurityOrigin): Check to see that the
+ requested and resolved URLs have the same host and port.
+ * platform/mac/WebCoreSystemInterface.h: Added wkAVAssetResolvedURL.
+ * platform/mac/WebCoreSystemInterface.mm: Ditto.
+
2011-05-25 Andrew Scherkus <scherkus@chromium.org>
Reviewed by Eric Carlson.
_wkVerticalScrollbarPainterForController
_wkWillEndLiveResize
_wkWillStartLiveResize
+_wkQTMovieResolvedURL
+_wkAVAssetResolvedURL
#else
_wkGetNSEventMomentumPhase
#endif
virtual bool supportsAcceleratedRendering() const = 0;
virtual void acceleratedRenderingStateChanged();
#endif
- virtual bool hasSingleSecurityOrigin() const { return true; }
virtual MediaPlayer::MovieLoadType movieLoadType() const;
virtual void prepareForRendering();
virtual float mediaTimeForTimeValue(float) const = 0;
float invalidTime() const { return -1.0f; }
void invalidateCachedDuration();
+ const String& assetURL() const { return m_assetURL; }
private:
MediaPlayer* m_player;
virtual bool hasContextRenderer() const;
virtual bool hasLayerRenderer() const;
+ virtual bool hasSingleSecurityOrigin() const;
+
RetainPtr<CGImageRef> createImageForTimeInRect(float, const IntRect&);
MediaPlayer* m_player;
#import "GraphicsContext.h"
#import "KURL.h"
#import "Logging.h"
+#import "SecurityOrigin.h"
#import "SoftLinking.h"
#import "TimeRanges.h"
#import "WebCoreSystemInterface.h"
setDelayCallbacks(true);
NSDictionary *options = [NSDictionary dictionaryWithObjectsAndKeys:
- [NSNumber numberWithInt:AVAssetReferenceRestrictionForbidCrossSiteReference], AVURLAssetReferenceRestrictionsKey,
+ [NSNumber numberWithInt:AVAssetReferenceRestrictionForbidRemoteReferenceToLocal | AVAssetReferenceRestrictionForbidLocalReferenceToRemote], AVURLAssetReferenceRestrictionsKey,
nil];
NSURL *cocoaURL = KURL(ParsedURLString, url);
m_avAsset.adoptNS([[AVURLAsset alloc] initWithURL:cocoaURL options:options]);
setNaturalSize(IntSize(naturalSize));
}
+bool MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin() const
+{
+ if (!m_avAsset)
+ return false;
+
+ RefPtr<SecurityOrigin> resolvedOrigin = SecurityOrigin::create(KURL(wkAVAssetResolvedURL(m_avAsset.get())));
+ RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::createFromString(assetURL());
+ return resolvedOrigin->isSameSchemeHostPort(requestedOrigin.get());
+}
+
NSArray* assetMetadataKeyNames()
{
static NSArray* keys;
#import "GraphicsContext.h"
#import "KURL.h"
#import "MIMETypeRegistry.h"
+#import "SecurityOrigin.h"
#import "SoftLinking.h"
#import "TimeRanges.h"
#import "WebCoreSystemInterface.h"
SOFT_LINK_POINTER(QTKit, QTMovieURLAttribute, NSString *)
SOFT_LINK_POINTER(QTKit, QTMovieVolumeDidChangeNotification, NSString *)
SOFT_LINK_POINTER(QTKit, QTSecurityPolicyNoCrossSiteAttribute, NSString *)
+SOFT_LINK_POINTER(QTKit, QTSecurityPolicyNoLocalToRemoteSiteAttribute, NSString *)
+SOFT_LINK_POINTER(QTKit, QTSecurityPolicyNoRemoteToLocalSiteAttribute, NSString *)
SOFT_LINK_POINTER(QTKit, QTVideoRendererWebKitOnlyNewImageAvailableNotification, NSString *)
SOFT_LINK_POINTER(QTKit, QTMovieApertureModeClean, NSString *)
SOFT_LINK_POINTER(QTKit, QTMovieApertureModeAttribute, NSString *)
#define QTMovieURLAttribute getQTMovieURLAttribute()
#define QTMovieVolumeDidChangeNotification getQTMovieVolumeDidChangeNotification()
#define QTSecurityPolicyNoCrossSiteAttribute getQTSecurityPolicyNoCrossSiteAttribute()
+#define QTSecurityPolicyNoLocalToRemoteSiteAttribute getQTSecurityPolicyNoLocalToRemoteSiteAttribute()
+#define QTSecurityPolicyNoRemoteToLocalSiteAttribute getQTSecurityPolicyNoRemoteToLocalSiteAttribute()
#define QTVideoRendererWebKitOnlyNewImageAvailableNotification getQTVideoRendererWebKitOnlyNewImageAvailableNotification()
#define QTMovieApertureModeClean getQTMovieApertureModeClean()
#define QTMovieApertureModeAttribute getQTMovieApertureModeAttribute()
NSMutableDictionary *movieAttributes = [NSMutableDictionary dictionaryWithObjectsAndKeys:
[NSNumber numberWithBool:m_player->preservesPitch()], QTMovieRateChangesPreservePitchAttribute,
[NSNumber numberWithBool:YES], QTMoviePreventExternalURLLinksAttribute,
- [NSNumber numberWithBool:YES], QTSecurityPolicyNoCrossSiteAttribute,
+ [NSNumber numberWithBool:NO], QTSecurityPolicyNoCrossSiteAttribute,
+ [NSNumber numberWithBool:YES], QTSecurityPolicyNoRemoteToLocalSiteAttribute,
+ [NSNumber numberWithBool:YES], QTSecurityPolicyNoLocalToRemoteSiteAttribute,
[NSNumber numberWithBool:NO], QTMovieAskUnresolvedDataRefsAttribute,
[NSNumber numberWithBool:NO], QTMovieLoopsAttribute,
[NSNumber numberWithBool:!m_privateBrowsing], @"QTMovieAllowPersistentCacheAttribute",
bool MediaPlayerPrivateQTKit::hasSingleSecurityOrigin() const
{
- // We tell quicktime to disallow resources that come from different origins
- // so we know all media is single origin.
- return true;
+ if (!m_qtMovie)
+ return false;
+
+ RefPtr<SecurityOrigin> resolvedOrigin = SecurityOrigin::create(KURL(wkQTMovieResolvedURL(m_qtMovie.get())));
+ RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::createFromString(m_movieURL);
+ return resolvedOrigin->isSameSchemeHostPort(requestedOrigin.get());
}
MediaPlayer::MovieLoadType MediaPlayerPrivateQTKit::movieLoadType() const
#endif
#ifdef __OBJC__
+@class AVAsset;
@class NSArray;
@class NSButtonCell;
@class NSData;
@class QTMovie;
@class QTMovieView;
#else
+class AVAsset;
class NSArray;
class NSButtonCell;
class NSData;
extern float (*wkQTMovieMaxTimeSeekable)(QTMovie*);
extern int (*wkQTMovieGetType)(QTMovie*);
extern BOOL (*wkQTMovieHasClosedCaptions)(QTMovie*);
+extern NSURL *(*wkQTMovieResolvedURL)(QTMovie*);
extern void (*wkQTMovieSetShowClosedCaptions)(QTMovie*, BOOL);
extern void (*wkQTMovieSelectPreferredAlternates)(QTMovie*);
extern void (*wkQTMovieViewSetDrawSynchronously)(QTMovieView*, BOOL);
extern bool (*wkExecutableWasLinkedOnOrBeforeSnowLeopard)(void);
extern CFStringRef (*wkCopyDefaultSearchProviderDisplayName)(void);
+
+extern NSURL *(*wkAVAssetResolvedURL)(AVAsset*);
#endif
extern void (*wkUnregisterUniqueIdForElement)(id element);
extern CFHTTPMessageRef (*wkGetCFURLResponseHTTPResponse)(CFURLResponseRef);
extern CFStringRef (*wkCopyCFURLResponseSuggestedFilename)(CFURLResponseRef);
extern void (*wkSetCFURLResponseMIMEType)(CFURLResponseRef, CFStringRef mimeType);
-
}
#endif
float (*wkQTMovieMaxTimeSeekable)(QTMovie*);
int (*wkQTMovieGetType)(QTMovie*);
BOOL (*wkQTMovieHasClosedCaptions)(QTMovie*);
+NSURL *(*wkQTMovieResolvedURL)(QTMovie*);
void (*wkQTMovieSetShowClosedCaptions)(QTMovie*, BOOL);
void (*wkQTMovieSelectPreferredAlternates)(QTMovie*);
void (*wkQTMovieViewSetDrawSynchronously)(QTMovieView*, BOOL);
bool (*wkExecutableWasLinkedOnOrBeforeSnowLeopard)(void);
CFStringRef (*wkCopyDefaultSearchProviderDisplayName)(void);
+
+NSURL *(*wkAVAssetResolvedURL)(AVAsset*);
#endif
void (*wkUnregisterUniqueIdForElement)(id element);
+2011-05-24 Jer Noble <jer.noble@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Video fails to play on Vimeo
+ https://bugs.webkit.org/show_bug.cgi?id=61403
+
+ * WebCoreSupport/WebSystemInterface.mm:
+ (InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
+ wkQTMovieResolvedURL.
+
2011-05-24 Keishi Hattori <keishi@webkit.org>
Reviewed by Kent Tamura.
INIT(QTMovieMaxTimeSeekable);
INIT(QTMovieGetType);
INIT(QTMovieHasClosedCaptions);
+ INIT(QTMovieResolvedURL);
INIT(QTMovieSetShowClosedCaptions);
INIT(QTMovieSelectPreferredAlternates);
INIT(QTMovieViewSetDrawSynchronously);
INIT(ScrollbarPainterUsesOverlayScrollers);
INIT(ExecutableWasLinkedOnOrBeforeSnowLeopard);
INIT(CopyDefaultSearchProviderDisplayName);
+ INIT(AVAssetResolvedURL);
#endif
INIT(GetAXTextMarkerTypeID);
+2011-05-24 Jer Noble <jer.noble@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Video fails to play on Vimeo
+ https://bugs.webkit.org/show_bug.cgi?id=61403
+
+ * WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:
+ (InitWebCoreSystemInterface): Added support for wkAVAssetResolvedURL and
+ wkQTMovieResolvedURL.
+
2011-05-25 Jon Honeycutt <jhoneycutt@apple.com>
REGRESSION (WebKit2): Crash in Flash on USA Today photo gallery
INIT(QTMovieMaxTimeLoaded);
INIT(QTMovieMaxTimeLoadedChangeNotification);
INIT(QTMovieMaxTimeSeekable);
+ INIT(QTMovieResolvedURL);
INIT(QTMovieSelectPreferredAlternates);
INIT(QTMovieSetShowClosedCaptions);
INIT(QTMovieViewSetDrawSynchronously);
INIT(ScrollbarPainterUsesOverlayScrollers);
INIT(ExecutableWasLinkedOnOrBeforeSnowLeopard);
INIT(CopyDefaultSearchProviderDisplayName);
+ INIT(AVAssetResolvedURL);
#else
INIT(GetHyphenationLocationBeforeIndex);
INIT(GetNSEventMomentumPhase);
+2011-05-25 Jer Noble <jer.noble@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Video fails to play on Vimeo
+ https://bugs.webkit.org/show_bug.cgi?id=61403
+
+ Added functions to retrieve the resolved URL for media types supported on
+ mac.
+
+ * WebKitSystemInterface.h:
+ * WebKitSystemInterface.m:
+ (WKAVAssetResolvedURL): Added.
+ (WKQTMovieResolvedURL): Added.
+
2011-05-24 Keishi Hattori <keishi@webkit.org>
Reviewed by Kent Tamura.
@class QTMovie;
@class QTMovieView;
+@class AVAsset;
#ifdef __cplusplus
extern "C" {
NSString *WKQTMovieMaxTimeLoadedChangeNotification(void);
void WKQTMovieViewSetDrawSynchronously(QTMovieView* view, BOOL sync);
void WKQTMovieDisableComponent(uint32_t[5]);
+NSURL *WKQTMovieResolvedURL(QTMovie* movie);
CFStringRef WKCopyFoundationCacheDirectory(void);
void WKShowWordDefinitionWindow(NSAttributedString *term, NSPoint screenPoint, NSDictionary *options);
void WKHideWordDefinitionWindow(void);
+NSURL* WKAVAssetResolvedURL(AVAsset*);
#endif
#ifdef __cplusplus