OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "media/blink/buffered_data_source.h" | 5 #include "media/blink/buffered_data_source.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/callback_helpers.h" | 8 #include "base/callback_helpers.h" |
9 #include "base/location.h" | 9 #include "base/location.h" |
10 #include "base/single_thread_task_runner.h" | 10 #include "base/single_thread_task_runner.h" |
11 #include "media/base/media_log.h" | 11 #include "media/base/media_log.h" |
12 #include "net/base/net_errors.h" | 12 #include "net/base/net_errors.h" |
| 13 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" |
| 14 #include "third_party/WebKit/public/web/WebFrame.h" |
13 | 15 |
14 using blink::WebFrame; | 16 using blink::WebFrame; |
15 | 17 |
16 namespace { | 18 namespace { |
17 | 19 |
18 // BufferedDataSource has an intermediate buffer, this value governs the initial | 20 // BufferedDataSource has an intermediate buffer, this value governs the initial |
19 // size of that buffer. It is set to 32KB because this is a typical read size | 21 // size of that buffer. It is set to 32KB because this is a typical read size |
20 // of FFmpeg. | 22 // of FFmpeg. |
21 const int kInitialReadBufferSize = 32768; | 23 const int kInitialReadBufferSize = 32768; |
22 | 24 |
(...skipping 326 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
349 | 351 |
350 bool init_cb_is_null = false; | 352 bool init_cb_is_null = false; |
351 { | 353 { |
352 base::AutoLock auto_lock(lock_); | 354 base::AutoLock auto_lock(lock_); |
353 init_cb_is_null = init_cb_.is_null(); | 355 init_cb_is_null = init_cb_.is_null(); |
354 } | 356 } |
355 if (init_cb_is_null) { | 357 if (init_cb_is_null) { |
356 loader_->Stop(); | 358 loader_->Stop(); |
357 return; | 359 return; |
358 } | 360 } |
| 361 response_original_url_ = loader_->response_original_url(); |
359 | 362 |
360 // All responses must be successful. Resources that are assumed to be fully | 363 // All responses must be successful. Resources that are assumed to be fully |
361 // buffered must have a known content length. | 364 // buffered must have a known content length. |
362 bool success = status == BufferedResourceLoader::kOk && | 365 bool success = status == BufferedResourceLoader::kOk && |
363 (!assume_fully_buffered() || | 366 (!assume_fully_buffered() || |
364 loader_->instance_size() != kPositionNotSpecified); | 367 loader_->instance_size() != kPositionNotSpecified); |
365 | 368 |
366 if (success) { | 369 if (success) { |
367 total_bytes_ = loader_->instance_size(); | 370 total_bytes_ = loader_->instance_size(); |
368 streaming_ = | 371 streaming_ = |
(...skipping 27 matching lines...) Expand all Loading... |
396 loader_->range_supported()); | 399 loader_->range_supported()); |
397 } | 400 } |
398 | 401 |
399 base::ResetAndReturn(&init_cb_).Run(success); | 402 base::ResetAndReturn(&init_cb_).Run(success); |
400 } | 403 } |
401 | 404 |
402 void BufferedDataSource::PartialReadStartCallback( | 405 void BufferedDataSource::PartialReadStartCallback( |
403 BufferedResourceLoader::Status status) { | 406 BufferedResourceLoader::Status status) { |
404 DCHECK(render_task_runner_->BelongsToCurrentThread()); | 407 DCHECK(render_task_runner_->BelongsToCurrentThread()); |
405 DCHECK(loader_.get()); | 408 DCHECK(loader_.get()); |
406 | 409 if (status == BufferedResourceLoader::kOk && |
407 if (status == BufferedResourceLoader::kOk) { | 410 CheckPartialResponseURL(loader_->response_original_url())) { |
408 // Once the request has started successfully, we can proceed with | 411 // Once the request has started successfully, we can proceed with |
409 // reading from it. | 412 // reading from it. |
410 ReadInternal(); | 413 ReadInternal(); |
411 return; | 414 return; |
412 } | 415 } |
413 | 416 |
414 // Stop the resource loader since we have received an error. | 417 // Stop the resource loader since we have received an error. |
415 loader_->Stop(); | 418 loader_->Stop(); |
416 | 419 |
417 // TODO(scherkus): we shouldn't have to lock to signal host(), see | 420 // TODO(scherkus): we shouldn't have to lock to signal host(), see |
418 // http://crbug.com/113712 for details. | 421 // http://crbug.com/113712 for details. |
419 base::AutoLock auto_lock(lock_); | 422 base::AutoLock auto_lock(lock_); |
420 if (stop_signal_received_) | 423 if (stop_signal_received_) |
421 return; | 424 return; |
422 ReadOperation::Run(read_op_.Pass(), kReadError); | 425 ReadOperation::Run(read_op_.Pass(), kReadError); |
423 } | 426 } |
424 | 427 |
| 428 bool BufferedDataSource::CheckPartialResponseURL( |
| 429 const GURL& partial_response_original_url) const { |
| 430 // We check the redirected URL of partial responses in case malicious |
| 431 // attackers scan the bytes of other origin resources by mixing their |
| 432 // generated bytes and the target response. See http://crbug.com/489060#c32 |
| 433 // for details. |
| 434 |
| 435 // If the SecurityOrigin of the frame can read content of the new response, we |
| 436 // accept. |
| 437 if (frame_->securityOrigin().canRequest(partial_response_original_url)) |
| 438 return true; |
| 439 |
| 440 // If the response is generated in a Service Worker we accept. The Service |
| 441 // Worker script must be in the same origin as document requesting this URL, |
| 442 // so the response can be readable by the document. |
| 443 if (partial_response_original_url.is_empty()) |
| 444 return true; |
| 445 |
| 446 // If the origin of the new response is different from the first response we |
| 447 // deny the redirected response. |
| 448 return response_original_url_.GetOrigin() == |
| 449 partial_response_original_url.GetOrigin(); |
| 450 } |
| 451 |
425 void BufferedDataSource::ReadCallback( | 452 void BufferedDataSource::ReadCallback( |
426 BufferedResourceLoader::Status status, | 453 BufferedResourceLoader::Status status, |
427 int bytes_read) { | 454 int bytes_read) { |
428 DCHECK(render_task_runner_->BelongsToCurrentThread()); | 455 DCHECK(render_task_runner_->BelongsToCurrentThread()); |
429 | 456 |
430 // TODO(scherkus): we shouldn't have to lock to signal host(), see | 457 // TODO(scherkus): we shouldn't have to lock to signal host(), see |
431 // http://crbug.com/113712 for details. | 458 // http://crbug.com/113712 for details. |
432 base::AutoLock auto_lock(lock_); | 459 base::AutoLock auto_lock(lock_); |
433 if (stop_signal_received_) | 460 if (stop_signal_received_) |
434 return; | 461 return; |
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
551 } | 578 } |
552 | 579 |
553 // If media is currently playing or the page indicated preload=auto or the | 580 // If media is currently playing or the page indicated preload=auto or the |
554 // the server does not support the byte range request or we do not want to go | 581 // the server does not support the byte range request or we do not want to go |
555 // too far ahead of the read head, use threshold strategy to enable/disable | 582 // too far ahead of the read head, use threshold strategy to enable/disable |
556 // deferring when the buffer is full/depleted. | 583 // deferring when the buffer is full/depleted. |
557 loader_->UpdateDeferStrategy(BufferedResourceLoader::kCapacityDefer); | 584 loader_->UpdateDeferStrategy(BufferedResourceLoader::kCapacityDefer); |
558 } | 585 } |
559 | 586 |
560 } // namespace media | 587 } // namespace media |
OLD | NEW |