diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-10-13 11:15:56 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-10-13 11:55:35 +0000 |
commit | 0d81ad4493af918d6ca891a203f7e014fd18a81e (patch) | |
tree | 4f38317164f90da73197cf45d160a8e7779bc630 | |
parent | f9d3886fc09c0f46d97dc4fe59d2dd107e8676d3 (diff) |
[Backport] Check CORS policy on redirect in TextTrackLoader
BUG=633885
TEST=new case in http/tests/security/text-track-crossorigin.html
Review-Url: https://codereview.chromium.org/2367583002
Cr-Commit-Position: refs/heads/master@{#421919}
(cherry picked from commit e99cc8e5a48ff4978d401c48a64f06649f647f3f)
Review URL: https://codereview.chromium.org/2400433002 .
(CVE-2016-5192)
Change-Id: I170de7246df2d0b3a6461323b40cf95b23211054
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
-rw-r--r-- | chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp | 12 | ||||
-rw-r--r-- | chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h | 1 |
2 files changed, 13 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp index 75c0bcd6fb2..bcccaa6d211 100644 --- a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp +++ b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.cpp @@ -68,6 +68,18 @@ void TextTrackLoader::cancelLoad() clearResource(); } +void TextTrackLoader::redirectReceived(Resource* resource, ResourceRequest& request, const ResourceResponse&) +{ + ASSERT(this->resource() == resource); + if (resource->options().corsEnabled == IsCORSEnabled || document().securityOrigin()->canRequestNoSuborigin(request.url())) + return; + + corsPolicyPreventedLoad(document().securityOrigin(), request.url()); + if (!m_cueLoadTimer.isActive()) + m_cueLoadTimer.startOneShot(0, BLINK_FROM_HERE); + clearResource(); +} + void TextTrackLoader::dataReceived(Resource* resource, const char* data, size_t length) { ASSERT(this->resource() == resource); diff --git a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h index a2760f416bc..548fd2d3300 100644 --- a/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h +++ b/chromium/third_party/WebKit/Source/core/loader/TextTrackLoader.h @@ -71,6 +71,7 @@ public: private: // RawResourceClient + void redirectReceived(Resource*, ResourceRequest&, const ResourceResponse&) override; void dataReceived(Resource*, const char* data, size_t length) override; void notifyFinished(Resource*) override; String debugName() const override { return "TextTrackLoader"; } |