Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug, a=jcristau
authorSebastian Streich <sstreich@mozilla.com>
Thu, 16 Jul 2020 12:03:38 +0000
changeset 599977 f46af8bc88a4c3ba617056cca36165542c928d85
parent 599976 8fcbcd0de7c6517f2db108c41c8a35587afbc759
child 599978 48174c4ae8eed9518fe8c9db9bfcfbb1383d0e32
push id54
push userjcristau@mozilla.com
push dateThu, 06 Aug 2020 10:31:36 +0000
treeherdermozilla-esr78@89bd47656f3d [default view] [failures only]
reviewersckerschb, smaug, jcristau
bugs1450853
milestone78.2.0
Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug, a=jcristau *** Add test Differential Revision: https://phabricator.services.mozilla.com/D80080
dom/html/HTMLMediaElement.cpp
dom/security/test/general/mochitest.ini
dom/security/test/general/test_bug1450853.html
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -2304,17 +2304,34 @@ void HTMLMediaElement::AbortExistingLoad
   AssertReadyStateIsNothing();
 }
 
 void HTMLMediaElement::NoSupportedMediaSourceError(
     const nsACString& aErrorDetails) {
   if (mDecoder) {
     ShutdownDecoder();
   }
-  mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+
+  bool isThirdPartyLoad = false;
+  nsresult rv = NS_ERROR_NOT_AVAILABLE;
+  if (mSrcAttrTriggeringPrincipal) {
+    rv = mSrcAttrTriggeringPrincipal->IsThirdPartyURI(mLoadingSrc,
+                                                      &isThirdPartyLoad);
+  }
+
+  if (NS_SUCCEEDED(rv) && isThirdPartyLoad) {
+    // aErrorDetails can include sensitive details like MimeType or HTTP Status
+    // Code. In case we're loading a 3rd party resource we should not leak this
+    // and pass a Generic Error Message
+    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED,
+                         NS_LITERAL_CSTRING("Failed to open media"));
+  } else {
+    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+  }
+
   RemoveMediaTracks();
   ChangeDelayLoadStatus(false);
   UpdateAudioChannelPlayingState();
   RejectPromises(TakePendingPlayPromises(),
                  NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR);
 }
 
 typedef void (HTMLMediaElement::*SyncSectionFn)();
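Review bot: The new branch in `NoSupportedMediaSourceError` fails open. When `mSrcAttrTriggeringPrincipal` is null or `IsThirdPartyURI` returns a failure, `rv` is not a success code and the `else` path hands the full `aErrorDetails` to `SetError`, which is the disclosure the added comment says to avoid. Consider defaulting to the generic message unless the load is positively known to be first-party, for example `if (NS_FAILED(rv) || isThirdPartyLoad) {`, and state that default in the comment. The classification is made against `mLoadingSrc`, which presumably is the requested URL rather than the final one after redirects, and a third-party check is likely coarser than a same-origin comparison; both are worth confirming against the channel's final URI. The literal `"Failed to open media"` is also asserted verbatim by the new test, so a one-line comment such as `// Keep in sync with test_bug1450853.html` would prevent silent drift.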
--- a/dom/security/test/general/mochitest.ini
+++ b/dom/security/test/general/mochitest.ini
@@ -51,8 +51,9 @@ skip-if = !debug
 [test_same_site_cookies_laxByDefault.html]
 skip-if =  debug
 support-files = closeWindow.sjs
 [test_xfo_error_page.html]
 support-files = file_xfo_error_page.sjs
 [test_sec_fetch_websocket.html]
 skip-if = toolkit == 'android' # no websocket support Bug 982828
 support-files = file_sec_fetch_websocket_wsh.py
+[test_bug1450853.html]
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/test_bug1450853.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1450853
+-->
+<head>
+<meta charset="utf-8">
+<title>Test for Cross-origin resouce status leak via MediaError</title>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<script src="/tests/SimpleTest/ChromeTask.js"></script>
+<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+<audio autoplay id="audio"></audio>
+
+<script type="application/javascript">
+
+/** Test for Bug 1450853 **/
+CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";
+
+add_task(function() {
+  return new Promise((resolve) => {
+      let audioElement = document.getElementById("audio");
+
+      audioElement.onerror = function() {
+      let err = this.error;    
+      let message = err.message;
+      info(`Got Audio Error -> ${message}`);
+      ok(message.includes("404"), "Same-Origin Error Message may contain status data");
+      resolve();
+    };
+  audioElement.src = "/media/test.mp3";
+  });
+});
+
+add_task(function() {
+  return new Promise((resolve) => {
+      let audioElement = document.getElementById("audio");
+
+      audioElement.onerror = function() {
+      let err = this.error;    
+      let message = err.message;
+      
+      info(`Got Audio Error -> ${message}`);
+      is(message,CONST_GENERIC_ERROR_MESSAGE, "Cross-Origin Error Message is only Generic");
+      resolve();
+    };
+  audioElement.src = "https://example.com/media/test.mp3";
+  });
+});
+
+</script>
+</head>
+
+<body>
+    <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1450853">Mozilla Bug 1450853</a>
+    <iframe width="0" height="0"></iframe>
+  </body>
+</html>
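Review bot: The cross-origin task only covers a load started from the `src` attribute of one `<audio>` element, so the case where no src-attribute triggering principal is available (where the C++ change falls back to the detailed message) is never exercised. A case that loads through a `<source>` child, and one where a same-origin URL redirects to another origin, would pin the intended behaviour. `CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";` is assigned without a declaration and becomes an implicit global; `const CONST_GENERIC_ERROR_MESSAGE = "Failed to open media";` avoids that. The same-origin assertion `message.includes("404")` relies on `/media/test.mp3` not existing and on the exact wording of the detailed message, so it deserves a comment such as `// /media/test.mp3 is intentionally missing; the same-origin error may expose the HTTP status`.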