media/blink/url_index.cc - Issue 1993083002: The cross-origin checks in the multibuffer code are not sufficient, as they only trigger when a red…

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: media/blink/url_index.cc

Issue 1993083002: The cross-origin checks in the multibuffer code are not sufficient, as they only trigger when a red… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2704

Patch Set: Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « media/blink/url_index.h ('k') | third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/service-worker-mixed-response.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: media/blink/url_index.cc

diff --git a/media/blink/url_index.cc b/media/blink/url_index.cc

index 5f3f6f63698d1447c26e2e43b1a095ef7547ae47..66064f0344dceb5803b44265cd602b3b950a1b02 100644

--- a/media/blink/url_index.cc

+++ b/media/blink/url_index.cc

@@ -42,6 +42,7 @@ UrlData::UrlData(const GURL& url,

CORSMode cors_mode,

const base::WeakPtr<UrlIndex>& url_index)

: url_(url),

+ have_data_origin_(false),

cors_mode_(cors_mode),

url_index_(url_index),

length_(kPositionNotSpecified),

@@ -67,16 +68,18 @@ void UrlData::MergeFrom(const scoped_refptr<UrlData>& other) {

// We're merging from another UrlData that refers to the *same*

// resource, so when we merge the metadata, we can use the most

// optimistic values.

- DCHECK(thread_checker_.CalledOnValidThread());

- valid_until_ = std::max(valid_until_, other->valid_until_);

- // set_length() will not override the length if already known.

- set_length(other->length_);

- cacheable_ |= other->cacheable_;

- range_supported_ |= other->range_supported_;

- if (last_modified_.is_null()) {

- last_modified_ = other->last_modified_;

+ if (ValidateDataOrigin(other->data_origin_)) {

+ DCHECK(thread_checker_.CalledOnValidThread());

+ valid_until_ = std::max(valid_until_, other->valid_until_);

+ // set_length() will not override the length if already known.

+ set_length(other->length_);

+ cacheable_ |= other->cacheable_;

+ range_supported_ |= other->range_supported_;

+ if (last_modified_.is_null()) {

+ last_modified_ = other->last_modified_;

+ }

+ multibuffer()->MergeFrom(other->multibuffer());

}

- multibuffer()->MergeFrom(other->multibuffer());

}

void UrlData::set_cacheable(bool cacheable) {

@@ -123,6 +126,19 @@ void UrlData::Use() {

last_used_ = base::Time::Now();

}

+bool UrlData::ValidateDataOrigin(const GURL& origin) {

+ if (!have_data_origin_) {

+ data_origin_ = origin;

+ have_data_origin_ = true;

+ return true;

+ }

+ if (cors_mode_ == UrlData::CORS_UNSPECIFIED) {

+ return data_origin_ == origin;

+ }

+ // The actual cors checks is done in the net layer.

+ return true;

void UrlData::OnEmpty() {

DCHECK(thread_checker_.CalledOnValidThread());

base::MessageLoop::current()->PostTask(