Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(166)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/media/media_stream_devices_controller.cc

Issue 969773002: Remove check of security origin of all ancestors when getUserMedia is called. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/media/media_stream_devices_controller.h" 5 #include "chrome/browser/media/media_stream_devices_controller.h"
6 6
7 #include "base/metrics/histogram.h" 7 #include "base/metrics/histogram.h"
8 #include "base/prefs/scoped_user_pref_update.h" 8 #include "base/prefs/scoped_user_pref_update.h"
9 #include "base/strings/utf_string_conversions.h" 9 #include "base/strings/utf_string_conversions.h"
10 #include "base/values.h" 10 #include "base/values.h"
(...skipping 405 matching lines...) Expand 10 before | Expand all | Expand 10 after
416 content::MEDIA_DEVICE_NO_HARDWARE : content::MEDIA_DEVICE_OK, 416 content::MEDIA_DEVICE_NO_HARDWARE : content::MEDIA_DEVICE_OK,
417 ui.Pass()); 417 ui.Pass());
418 } 418 }
419 419
420 void MediaStreamDevicesController::Deny( 420 void MediaStreamDevicesController::Deny(
421 bool update_content_setting, 421 bool update_content_setting,
422 content::MediaStreamRequestResult result) { 422 content::MediaStreamRequestResult result) {
423 DLOG(WARNING) << "MediaStreamDevicesController::Deny: " << result; 423 DLOG(WARNING) << "MediaStreamDevicesController::Deny: " << result;
424 NotifyUIRequestDenied(); 424 NotifyUIRequestDenied();
425 425
426 if (update_content_setting && request_.all_ancestors_have_same_origin) { 426 if (update_content_setting) {
427 // Store sticky permissions if |update_content_setting| and the request 427 // Store sticky permissions if |update_content_setting|.
tommi (sloooow) - chröme 2015/03/03 11:43:21 nit: I don't think this comment adds much
428 // is not done from an iframe where the ancestor has a different origin.
429 CHECK_EQ(content::MEDIA_DEVICE_PERMISSION_DENIED, result); 428 CHECK_EQ(content::MEDIA_DEVICE_PERMISSION_DENIED, result);
430 StorePermission(false); 429 StorePermission(false);
431 } 430 }
432 431
433 content::MediaResponseCallback cb = callback_; 432 content::MediaResponseCallback cb = callback_;
434 callback_.Reset(); 433 callback_.Reset();
435 cb.Run(content::MediaStreamDevices(), 434 cb.Run(content::MediaStreamDevices(),
436 result, 435 result,
437 scoped_ptr<content::MediaStreamUI>()); 436 scoped_ptr<content::MediaStreamUI>());
438 } 437 }
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
493 UMA_HISTOGRAM_ENUMERATION("Media.DevicePermissionActions", 492 UMA_HISTOGRAM_ENUMERATION("Media.DevicePermissionActions",
494 kCancel, kPermissionActionsMax); 493 kCancel, kPermissionActionsMax);
495 Deny(false, content::MEDIA_DEVICE_PERMISSION_DISMISSED); 494 Deny(false, content::MEDIA_DEVICE_PERMISSION_DISMISSED);
496 } 495 }
497 496
498 void MediaStreamDevicesController::RequestFinished() { 497 void MediaStreamDevicesController::RequestFinished() {
499 delete this; 498 delete this;
500 } 499 }
501 500
502 bool MediaStreamDevicesController::IsRequestAllowedByDefault() const { 501 bool MediaStreamDevicesController::IsRequestAllowedByDefault() const {
503 // If not all ancestors of the requesting frame have the same origin, do not
504 // allow the request per default.
505 if (!request_.all_ancestors_have_same_origin)
506 return false;
507
508 // The request from internal objects like chrome://URLs is always allowed. 502 // The request from internal objects like chrome://URLs is always allowed.
509 if (CheckAllowAllMediaStreamContentForOrigin(profile_, 503 if (CheckAllowAllMediaStreamContentForOrigin(profile_,
510 request_.security_origin)) { 504 request_.security_origin)) {
511 return true; 505 return true;
512 } 506 }
513 507
514 struct { 508 struct {
515 bool has_capability; 509 bool has_capability;
516 const char* policy_name; 510 const char* policy_name;
517 const char* list_policy_name; 511 const char* list_policy_name;
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
683 } 677 }
684 678
685 bool MediaStreamDevicesController::IsCaptureDeviceRequestAllowed() const { 679 bool MediaStreamDevicesController::IsCaptureDeviceRequestAllowed() const {
686 #if defined(OS_ANDROID) 680 #if defined(OS_ANDROID)
687 // Don't approve device requests if the tab was hidden. 681 // Don't approve device requests if the tab was hidden.
688 // TODO(qinmin): Add a test for this. http://crbug.com/396869. 682 // TODO(qinmin): Add a test for this. http://crbug.com/396869.
689 return web_contents_->GetRenderWidgetHostView()->IsShowing(); 683 return web_contents_->GetRenderWidgetHostView()->IsShowing();
690 #endif 684 #endif
691 return true; 685 return true;
692 } 686 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698