Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(751)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: media/base/android/java/src/org/chromium/media/MediaPlayerBridge.java

Issue 408873004: Fix for cross-origin video check for webgl on android (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: addressing kbr's comments Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/renderer/media/android/webmediaplayer_android.cc ('K') | « content/renderer/media/android/webmediaplayer_android.cc ('k') | media/base/android/media_player_android.h » ('j') | media/base/android/media_player_bridge.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: media/base/android/java/src/org/chromium/media/MediaPlayerBridge.java
diff --git a/media/base/android/java/src/org/chromium/media/MediaPlayerBridge.java b/media/base/android/java/src/org/chromium/media/MediaPlayerBridge.java
index 3de39cd80061fde7e83ea5955d3f5008bf9a1b57..a229cacd5ec3d6bcc867b6b04ec633617eb94540 100644
--- a/media/base/android/java/src/org/chromium/media/MediaPlayerBridge.java
+++ b/media/base/android/java/src/org/chromium/media/MediaPlayerBridge.java
@@ -8,6 +8,7 @@ import android.content.Context;
import android.media.MediaPlayer;
import android.net.Uri;
import android.os.AsyncTask;
+import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Base64InputStream;
@@ -137,12 +138,20 @@ public class MediaPlayerBridge {
@CalledByNative
protected boolean setDataSource(
- Context context, String url, String cookies, String userAgent, boolean hideUrlLog) {
+ Context context, String url, String cookies, String userAgent, boolean hideUrlLog,
+ boolean hasSingleSecurityOrigin) {
Uri uri = Uri.parse(url);
HashMap<String, String> headersMap = new HashMap<String, String>();
if (hideUrlLog) headersMap.put("x-hide-urls-from-log", "true");
if (!TextUtils.isEmpty(cookies)) headersMap.put("Cookie", cookies);
if (!TextUtils.isEmpty(userAgent)) headersMap.put("User-Agent", userAgent);
+ // The security origin check is enforced for devices above K. For devices below K,
+ // the security impact is incomparable to the webgl issue it causes. Eventually, the
Ken Russell (switch to Gerrit) 2014/07/30 20:44:05 This comment is a little out of date now. Instead,
qinmin 2014/07/30 23:46:05 Done.
+ // issue will be resolved when most devices update to the latest version.
+ // http://crbug.com/358198.
+ if (hasSingleSecurityOrigin && Build.VERSION.SDK_INT > Build.VERSION_CODES.KITKAT) {
+ headersMap.put("allow-cross-domain-redirect", "false");
+ }
try {
getLocalPlayer().setDataSource(context, uri, headersMap);
return true;
« content/renderer/media/android/webmediaplayer_android.cc ('K') | « content/renderer/media/android/webmediaplayer_android.cc ('k') | media/base/android/media_player_android.h » ('j') | media/base/android/media_player_bridge.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698