Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug
authorSebastian Streich <sstreich@mozilla.com>
Thu, 16 Jul 2020 12:03:38 +0000
changeset 540714 b8f37ab6318150a94022625b0500efce2c456947
parent 540713 7e7affa995d31d0325c26d7a9994971e7682f3a0
child 540715 eb5a4ce59de75db506b67354d71cd746b20bb51b
push id37608
push userapavel@mozilla.com
push dateThu, 16 Jul 2020 21:27:37 +0000
reviewersckerschb, smaug
bugs1450853
milestone80.0a1
Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug *** Add test Differential Revision: https://phabricator.services.mozilla.com/D80080
dom/html/HTMLMediaElement.cpp
dom/security/test/general/mochitest.ini
dom/security/test/general/test_bug1450853.html
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -2349,17 +2349,34 @@ void HTMLMediaElement::AbortExistingLoad
   AssertReadyStateIsNothing();
 }
 
 void HTMLMediaElement::NoSupportedMediaSourceError(
     const nsACString& aErrorDetails) {
   if (mDecoder) {
     ShutdownDecoder();
   }
-  mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+
+  bool isThirdPartyLoad = false;
+  nsresult rv = NS_ERROR_NOT_AVAILABLE;
+  if (mSrcAttrTriggeringPrincipal) {
+    rv = mSrcAttrTriggeringPrincipal->IsThirdPartyURI(mLoadingSrc,
+                                                      &isThirdPartyLoad);
+  }
+
+  if (NS_SUCCEEDED(rv) && isThirdPartyLoad) {
+    // aErrorDetails can include sensitive details like MimeType or HTTP Status
+    // Code. In case we're loading a 3rd party resource we should not leak this
+    // and pass a Generic Error Message
+    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED,
+                         "Failed to open media"_ns);
+  } else {
+    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+  }
+
   RemoveMediaTracks();
   ChangeDelayLoadStatus(false);
   UpdateAudioChannelPlayingState();
   RejectPromises(TakePendingPlayPromises(),
                  NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR);
 }
 
 typedef void (HTMLMediaElement::*SyncSectionFn)();
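Review bot: The generic message is used only when the third-party check both succeeds and returns true, so every path where the check cannot run falls through to `mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);` with the full details. `rv` starts as `NS_ERROR_NOT_AVAILABLE` and stays that way when `mSrcAttrTriggeringPrincipal` is null, which is presumably the case for loads selected from `<source>` children rather than the `src` attribute, and a failing `IsThirdPartyURI` call lands in the same branch. Failing closed would be safer: `if (NS_FAILED(rv) || isThirdPartyLoad) {`, accepting that some first-party loads then get the generic text. It is also worth confirming that `mLoadingSrc` is the final URI after redirects rather than the originally requested one. The comment should also say, if this is the case, that the third-party check compares sites rather than origins, so cross-origin same-site loads would still receive the details.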
--- a/dom/security/test/general/mochitest.ini
+++ b/dom/security/test/general/mochitest.ini
@@ -58,8 +58,9 @@ skip-if = !debug
 [test_same_site_cookies_laxByDefault.html]
 skip-if =  debug
 support-files = closeWindow.sjs
 [test_xfo_error_page.html]
 support-files = file_xfo_error_page.sjs
 [test_sec_fetch_websocket.html]
 skip-if = toolkit == 'android' # no websocket support Bug 982828
 support-files = file_sec_fetch_websocket_wsh.py
+[test_bug1450853.html]
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/test_bug1450853.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1450853
+-->
+<head>
+<meta charset="utf-8">
+<title>Test for Cross-origin resouce status leak via MediaError</title>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<script src="/tests/SimpleTest/ChromeTask.js"></script>
+<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+<audio autoplay id="audio"></audio>
+
+<script type="application/javascript">
+
+/** Test for Bug 1450853 **/
+CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";
+
+add_task(function() {
+  return new Promise((resolve) => {
+      let audioElement = document.getElementById("audio");
+
+      audioElement.onerror = function() {
+      let err = this.error;    
+      let message = err.message;
+      info(`Got Audio Error -> ${message}`);
+      ok(message.includes("404"), "Same-Origin Error Message may contain status data");
+      resolve();
+    };
+  audioElement.src = "/media/test.mp3";
+  });
+});
+
+add_task(function() {
+  return new Promise((resolve) => {
+      let audioElement = document.getElementById("audio");
+
+      audioElement.onerror = function() {
+      let err = this.error;    
+      let message = err.message;
+      
+      info(`Got Audio Error -> ${message}`);
+      is(message,CONST_GENERIC_ERROR_MESSAGE, "Cross-Origin Error Message is only Generic");
+      resolve();
+    };
+  audioElement.src = "https://example.com/media/test.mp3";
+  });
+});
+
+</script>
+</head>
+
+<body>
+    <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1450853">Mozilla Bug 1450853</a>
+    <iframe width="0" height="0"></iframe>
+  </body>
+</html>
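Review bot: Both tasks drive the load through `audioElement.src` with a direct URL, so the test pins only the `src`-attribute path of the fix. Nothing here covers a `<source>` child pointing at a third-party URL, or a same-origin URL that redirects to a third-party one, which are the cases where the check in `NoSupportedMediaSourceError` looks most likely to be skipped. One extra task per case ending in the same `is(message, CONST_GENERIC_ERROR_MESSAGE, ...)` assertion would show whether the status code still leaks there. Separately, `CONST_GENERIC_ERROR_MESSAGE` is assigned without a declaration and becomes an implicit global; `const CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";` is the safer form.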