authorAllan Sandfeld Jensen <allan.jensen@theqtcompany.com>2016-10-13 11:15:56 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2016-10-13 11:55:35 +0000
commit0d81ad4493af918d6ca891a203f7e014fd18a81e (patch)
tree4f38317164f90da73197cf45d160a8e7779bc630
parentf9d3886fc09c0f46d97dc4fe59d2dd107e8676d3 (diff)
[Backport] Check CORS policy on redirect in TextTrackLoader
BUG=633885 TEST=new case in http/tests/security/text-track-crossorigin.html Review-Url: https://codereview.chromium.org/2367583002 Cr-Commit-Position: refs/heads/master@{#421919} (cherry picked from commit e99cc8e5a48ff4978d401c48a64f06649f647f3f) Review URL: https://codereview.chromium.org/2400433002 . (CVE-2016-5192) Change-Id: I170de7246df2d0b3a6461323b40cf95b23211054 Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
-rw-r--r--chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp12
-rw-r--r--chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h1
2 files changed, 13 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp
index 75c0bcd6fb2..bcccaa6d211 100644
--- a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp
+++ b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp
@@ -68,6 +68,18 @@ void TextTrackLoader::cancelLoad()
clearResource();
}
+void TextTrackLoader::redirectReceived(Resource* resource, ResourceRequest& request, const ResourceResponse&)
+{
+ ASSERT(this->resource() == resource);
+ if (resource->options().corsEnabled == IsCORSEnabled || document().securityOrigin()->canRequestNoSuborigin(request.url()))
+ return;
+
+ corsPolicyPreventedLoad(document().securityOrigin(), request.url());
+ if (!m_cueLoadTimer.isActive())
+ m_cueLoadTimer.startOneShot(0, BLINK_FROM_HERE);
+ clearResource();
+}
+
void TextTrackLoader::dataReceived(Resource* resource, const char* data, size_t length)
{
ASSERT(this->resource() == resource);
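Review bot: The early return for `resource->options().corsEnabled == IsCORSEnabled` in redirectReceived rests on an unstated security assumption: that a CORS-enabled track load has its redirects validated somewhere else, so only the no-CORS path needs the same-origin test here. That other check is not visible in this hunk, so it should be confirmed and then recorded above the condition, for example `// No-CORS track loads must stay same-origin across redirects; CORS-enabled loads are expected to be checked by the fetcher.` On the blocked path, whether the loader ends up in a failed state and whether the in-flight request stops following the redirect both depend on corsPolicyPreventedLoad() and clearResource(), which are defined outside the hunk. A short comment saying which call marks the failure and which detaches the client would make the ordering around `m_cueLoadTimer.startOneShot(0, BLINK_FROM_HERE)` reviewable. The `ASSERT(this->resource() == resource)` guard is presumably debug-only, so release builds dereference `resource` without that check.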
diff --git a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h
index a2760f416bc..548fd2d3300 100644
--- a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h
+++ b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h
@@ -71,6 +71,7 @@ public:
private:
// RawResourceClient
+ void redirectReceived(Resource*, ResourceRequest&, const ResourceResponse&) override;
void dataReceived(Resource*, const char* data, size_t length) override;
void notifyFinished(Resource*) override;
String debugName() const override { return "TextTrackLoader"; }