Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(631)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/html/HTMLMediaElement.cpp

Issue 286993008: For media element fetches, remove user:pass components always. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Improve comment Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/html/HTMLMediaElement.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/html/HTMLMediaElement.cpp
diff --git a/Source/core/html/HTMLMediaElement.cpp b/Source/core/html/HTMLMediaElement.cpp
index 5989e22687f9677f46374eca682cd28eec45fbd8..353a74cdef599f2761aeba11b3b35ac465abfaf1 100644
--- a/Source/core/html/HTMLMediaElement.cpp
+++ b/Source/core/html/HTMLMediaElement.cpp
@@ -870,11 +870,10 @@ void HTMLMediaElement::loadResource(const KURL& url, ContentType& contentType, c
if (attemptLoad && canLoadURL(url, contentType, keySystem)) {
ASSERT(!webMediaPlayer());
- if (m_preload == MediaPlayer::None) {
+ if (m_preload == MediaPlayer::None)
m_delayingLoadForPreloadNone = true;
- } else {
- m_player->load(loadType(), m_currentSrc, corsMode());
- }
+ else
+ startPlayerLoad();
} else {
mediaLoadingFailed(MediaPlayer::FormatError);
}
@@ -887,6 +886,30 @@ void HTMLMediaElement::loadResource(const KURL& url, ContentType& contentType, c
renderer()->updateFromElement();
}
+void HTMLMediaElement::startPlayerLoad()
+{
+ // Filter out user:pass as those two URL components aren't
+ // considered for media resource fetches (including for the CORS
+ // use-credentials mode.) That behavior aligns with Gecko, with IE
+ // being more restrictive and not allowing fetches to such URLs.
+ //
+ // Spec reference: http://whatwg.org/c/#concept-media-load-resource
+ //
+ // FIXME: when the HTML spec switches to specifying resource
+ // fetches in terms of Fetch (http://fetch.spec.whatwg.org), and
+ // along with that potentially also specifying a setting for its
+ // 'authentication flag' to control how user:pass embedded in a
+ // media resource URL should be treated, then update the handling
+ // here to match.
+ KURL requestURL = m_currentSrc;
+ if (!requestURL.user().isEmpty())
+ requestURL.setUser(String());
+ if (!requestURL.pass().isEmpty())
+ requestURL.setPass(String());
+
+ m_player->load(loadType(), requestURL, corsMode());
+}
+
void HTMLMediaElement::setPlayerPreload()
{
m_player->setPreload(m_preload);
@@ -901,7 +924,7 @@ void HTMLMediaElement::startDelayedLoad()
m_delayingLoadForPreloadNone = false;
- m_player->load(loadType(), m_currentSrc, corsMode());
+ startPlayerLoad();
}
WebMediaPlayer::LoadType HTMLMediaElement::loadType() const
« no previous file with comments | « Source/core/html/HTMLMediaElement.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698