Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug
☠☠ backed out by df41fdf433a3 ☠ ☠
authorSebastian Streich <sstreich@mozilla.com>
Tue, 14 Jul 2020 11:16:24 +0000
changeset 540376 6b518e88bdf9f30c05c39694c134e16144293181
parent 540375 344cc585200c0bb4066fd6f02d2b4942071b7c00
child 540377 3348e8788f8de12fa01a4c29b2a994595b3a5e24
push id121663
push userrmaries@mozilla.com
push dateTue, 14 Jul 2020 11:39:32 +0000
reviewersckerschb, smaug
bugs1450853
milestone80.0a1
Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug *** Add test Differential Revision: https://phabricator.services.mozilla.com/D80080
dom/html/HTMLMediaElement.cpp
dom/security/test/general/mochitest.ini
dom/security/test/general/test_bug1450853.html
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -2346,17 +2346,30 @@ void HTMLMediaElement::AbortExistingLoad
   AssertReadyStateIsNothing();
 }
 
 void HTMLMediaElement::NoSupportedMediaSourceError(
     const nsACString& aErrorDetails) {
   if (mDecoder) {
     ShutdownDecoder();
   }
-  mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+
+  bool isThirdPartyLoad = false;
+  nsresult rv = mSrcAttrTriggeringPrincipal->IsThirdPartyURI(mLoadingSrc,
+                                                             &isThirdPartyLoad);
+  if (NS_SUCCEEDED(rv) && isThirdPartyLoad) {
+    // aErrorDetails can include sensitive details like MimeType or HTTP Status
+    // Code. In case we're loading a 3rd party resource we should not leak this
+    // and pass a Generic Error Message
+    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED,
+                         "Failed to open media"_ns);
+  } else {
+    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+  }
+
   RemoveMediaTracks();
   ChangeDelayLoadStatus(false);
   UpdateAudioChannelPlayingState();
   RejectPromises(TakePendingPlayPromises(),
                  NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR);
 }
 
 typedef void (HTMLMediaElement::*SyncSectionFn)();
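Review bot: The third-party check in NoSupportedMediaSourceError fails open: when `IsThirdPartyURI` returns an error, `NS_SUCCEEDED(rv) && isThirdPartyLoad` is false and the detailed `aErrorDetails` string is still handed to the error sink. For a leak guard the safer condition is `if (NS_FAILED(rv) || isThirdPartyLoad)`, so the generic message is used whenever the relationship cannot be established. `mSrcAttrTriggeringPrincipal` and `mLoadingSrc` are also used without a null check; if this function can be reached for a load that did not come from the `src` attribute (not visible in this hunk), it needs a guard that likewise falls back to the generic message. The check is presumably site-based rather than origin-based and is made against the requested URI, so same-site cross-origin hosts and redirected loads may still receive the detailed text; that is worth confirming against the bug's threat model.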
--- a/dom/security/test/general/mochitest.ini
+++ b/dom/security/test/general/mochitest.ini
@@ -58,8 +58,9 @@ skip-if = !debug
 [test_same_site_cookies_laxByDefault.html]
 skip-if =  debug
 support-files = closeWindow.sjs
 [test_xfo_error_page.html]
 support-files = file_xfo_error_page.sjs
 [test_sec_fetch_websocket.html]
 skip-if = toolkit == 'android' # no websocket support Bug 982828
 support-files = file_sec_fetch_websocket_wsh.py
+[test_bug1450853.html]
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/test_bug1450853.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1450853
+-->
+<head>
+<meta charset="utf-8">
+<title>Test for Cross-origin resouce status leak via MediaError</title>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<script src="/tests/SimpleTest/ChromeTask.js"></script>
+<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+<audio autoplay id="audio"></audio>
+
+<script type="application/javascript">
+
+/** Test for Bug 1450853 **/
+CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";
+
+add_task(function() {
+  return new Promise((resolve) => {
+      let audioElement = document.getElementById("audio");
+
+      audioElement.onerror = function() {
+      let err = this.error;    
+      let message = err.message;
+      info(`Got Audio Error -> ${message}`);
+      ok(message.includes("404"), "Same-Origin Error Message may contain status data");
+      resolve();
+    };
+  audioElement.src = "/media/test.mp3";
+  });
+});
+
+add_task(function() {
+  return new Promise((resolve) => {
+      let audioElement = document.getElementById("audio");
+
+      audioElement.onerror = function() {
+      let err = this.error;    
+      let message = err.message;
+      
+      info(`Got Audio Error -> ${message}`);
+      is(message,CONST_GENERIC_ERROR_MESSAGE, "Cross-Origin Error Message is only Generic");
+      resolve();
+    };
+  audioElement.src = "https://example.com/media/test.mp3";
+  });
+});
+
+</script>
+</head>
+
+<body>
+    <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1450853">Mozilla Bug 1450853</a>
+    <iframe width="0" height="0"></iframe>
+  </body>
+</html>
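Review bot: The test covers only one cross-site host and one same-origin failure, so it would not catch the detailed message leaking for a cross-origin host on the same site, or for a same-origin URL that redirects to another origin; a task for each would pin the boundary the fix is meant to enforce. The same-origin task also relies on `/media/test.mp3` not existing, which nothing in the file states; a comment such as `// /media/test.mp3 is intentionally absent so the load fails with a 404` would make that explicit. `CONST_GENERIC_ERROR_MESSAGE` is assigned without a declaration and becomes an implicit global; `const CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";` is the usual form.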