Bug 1495359 - FeaturePolicy: encrypted-media, r=cpearce
authorAndrea Marchesini <amarchesini@mozilla.com>
Tue, 02 Oct 2018 11:55:27 +0200
changeset 439165 2a4364e194c593caf63aa1aadc221d9f7ee551af
parent 439164 902c00aa8bbeec7bf28df9785b20062f8cba278b
child 439166 0516dd5fc8ac760b53aecd749283915ecac875c5
push id34757
push userrgurzau@mozilla.com
push dateTue, 02 Oct 2018 16:04:13 +0000
treeherdermozilla-central@17c314f6930d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerscpearce
bugs1495359
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1495359 - FeaturePolicy: encrypted-media, r=cpearce
dom/base/Navigator.cpp
dom/security/featurepolicy/FeaturePolicyUtils.cpp
testing/web-platform/meta/encrypted-media/__dir__.ini
testing/web-platform/meta/encrypted-media/clearkey-mp4-unique-origin.https.html.ini
testing/web-platform/meta/encrypted-media/encrypted-media-default-feature-policy.https.sub.html.ini
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@@ -31,16 +31,17 @@
 #include "nsContentUtils.h"
 #include "nsUnicharUtils.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozilla/Telemetry.h"
 #include "BatteryManager.h"
 #include "mozilla/dom/CredentialsContainer.h"
 #include "mozilla/dom/Clipboard.h"
+#include "mozilla/dom/FeaturePolicyUtils.h"
 #include "mozilla/dom/GamepadServiceTest.h"
 #include "mozilla/dom/MediaCapabilities.h"
 #include "mozilla/dom/WakeLock.h"
 #include "mozilla/dom/power/PowerManagerService.h"
 #include "mozilla/dom/MIDIAccessManager.h"
 #include "mozilla/dom/MIDIOptionsBinding.h"
 #include "mozilla/dom/Permissions.h"
 #include "mozilla/dom/Presentation.h"
@@ -1716,16 +1717,24 @@ Navigator::RequestMediaKeySystemAccess(c
                                     NS_LITERAL_CSTRING("Media"),
                                     doc,
                                     nsContentUtils::eDOM_PROPERTIES,
                                     "MediaEMEInsecureContextDeprecatedWarning",
                                     params,
                                     ArrayLength(params));
   }
 
+  nsIDocument* doc = mWindow->GetExtantDoc();
+  if (doc &&
+      !FeaturePolicyUtils::IsFeatureAllowed(doc,
+                                            NS_LITERAL_STRING("encrypted-media"))) {
+    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+    return nullptr;
+  }
+
   RefPtr<DetailedPromise> promise =
     DetailedPromise::Create(mWindow->AsGlobal(), aRv,
       NS_LITERAL_CSTRING("navigator.requestMediaKeySystemAccess"),
       Telemetry::VIDEO_EME_REQUEST_SUCCESS_LATENCY_MS,
       Telemetry::VIDEO_EME_REQUEST_FAILURE_LATENCY_MS);
   if (aRv.Failed()) {
     return nullptr;
   }
--- a/dom/security/featurepolicy/FeaturePolicyUtils.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@@ -24,17 +24,16 @@ struct FeatureMap {
  * IMPORTANT: Do not change this list without review from a DOM peer _AND_ a
  * DOM Security peer!
  */
 static FeatureMap sSupportedFeatures[] = {
   // TODO: not supported yet!!!
   { "autoplay", FeatureMap::eSelf },
   // TODO: not supported yet!!!
   { "camera", FeatureMap::eSelf  },
-  // TODO: not supported yet!!!
   { "encrypted-media", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "fullscreen", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "geolocation", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "microphone", FeatureMap::eSelf  },
   { "midi", FeatureMap::eSelf  },
--- a/testing/web-platform/meta/encrypted-media/__dir__.ini
+++ b/testing/web-platform/meta/encrypted-media/__dir__.ini
@@ -1,1 +1,2 @@
+prefs: [dom.security.featurePolicy.enabled:true]
 lsan-allowed: [Alloc, MakeUnique, Malloc, NewPage, Realloc, mozilla::EMEDecryptor::EMEDecryptor, mozilla::SchedulerGroup::CreateEventTargetFor, CreateCDMProxy, mozilla::dom::MediaKeys::CreateCDMProxy, mozilla::dom::nsIContentChild::GetConstructedEventTarget]
deleted file mode 100644
--- a/testing/web-platform/meta/encrypted-media/clearkey-mp4-unique-origin.https.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[clearkey-mp4-unique-origin.https.html]
-  [Unique origin is unable to create MediaKeys]
-    expected: FAIL
-
--- a/testing/web-platform/meta/encrypted-media/encrypted-media-default-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/encrypted-media/encrypted-media-default-feature-policy.https.sub.html.ini
@@ -1,11 +1,8 @@
 [encrypted-media-default-feature-policy.https.sub.html]
   expected: TIMEOUT
   [Default "encrypted-media" feature policy ["self"\] allows same-origin iframes.]
     expected: TIMEOUT
 
-  [Default "encrypted-media" feature policy ["self"\] disallows cross-origin iframes.]
-    expected: FAIL
-
   [Feature policy "encrypted-media" can be enabled in cross-origin iframes using "allow" attribute.]
     expected: FAIL