Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(547)

Issue 1266953002: [Merge to M45]Check the response URL origin in BufferedDataSource to avoid mixing cross-origin resp… (Closed)

Created:
5 years, 4 months ago by horo
Modified:
5 years, 4 months ago
Reviewers:
CC:
chromium-reviews, feature-media-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@2454
Target Ref:
refs/pending/branch-heads/2454
Project:
chromium
Visibility:
Public.

Description

[Merge to M45]Check the response URL origin in BufferedDataSource to avoid mixing cross-origin responses. In current implementation malicious attackers can scan the bytes of cross-origin resources by mixing their generated bytes and the target response. See http://crbug.com/489060#c32 for details. To avoid this, we have to deny mixing cross-origin responses in the middle of playback. This CL introduces the check logic of the response URL origin of the partial responses. When BufferedDataSource receives the first HTTP responses, it remembers the original URL of it. And when BufferedDataSource receives the succeeding response, it checks the origin of the new response. If the origin is not same as the origin of the first response, the response is treated as an error. BUG=505829 TEST=media_blink_unittests with https://codereview.chromium.org/1221973002/, LayoutTests in https://codereview.chromium.org/1226473002/ Review URL: https://codereview.chromium.org/1220963004 Cr-Commit-Position: refs/heads/master@{#338620} (cherry picked from commit 7ab9c6c314f589251c85913bd0a360cba24eb76a) Committed: https://chromium.googlesource.com/chromium/src/+/3e9aa0c8778651c680d3144ceacd0ecb05494081

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+195 lines, -4 lines) Patch
M media/blink/buffered_data_source.h View 2 chunks +10 lines, -0 lines 0 comments Download
M media/blink/buffered_data_source.cc View 3 chunks +15 lines, -2 lines 0 comments Download
M media/blink/buffered_data_source_unittest.cc View 3 chunks +134 lines, -0 lines 0 comments Download
M media/blink/buffered_resource_loader.h View 2 chunks +7 lines, -0 lines 0 comments Download
M media/blink/buffered_resource_loader.cc View 1 chunk +3 lines, -0 lines 0 comments Download
M media/blink/test_response_generator.h View 1 chunk +12 lines, -0 lines 0 comments Download
M media/blink/test_response_generator.cc View 1 chunk +14 lines, -2 lines 0 comments Download

Messages

Total messages: 1 (0 generated)
horo
5 years, 4 months ago (2015-07-31 03:34:24 UTC) #1
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as
3e9aa0c8778651c680d3144ceacd0ecb05494081.

Powered by Google App Engine
This is Rietveld 408576698