angler-fishThe Vulnerability History Project

android: Implement single origin and CORS check for video

      This patch implements hasSingleSecurityOrigin and didPassCORSAccessCheck
for the Android media player. Since we cannot query this information
directly from the native media player, we use a dedicated resource
loader to track redirects and perform the CORS access check. The native
media player is only started after this process has completed.

The new MediaInfoLoader class is based on BufferedResourceLoader. The info
loading request is started in parallel to the media player, and the DOM
ready state is updated only once the info loader has completed and the
player has provided video metadata.

BUG=234710
TEST=https://www.khronos.org/registry/webgl/conformance-suites/1.0.1/conformance/textures/tex-image-and-sub-image-2d-with-video.html
TBR=asvitikne

Review URL: https://chromiumcodereview.appspot.com/16952003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206404 0039d316-1c4b-4281-b951-d872f2087c98
by Ervin the Starfish 2013-06-14 12:56:47 UTC
commit 313455f9ed06b7873cabcda46390e5d427c1ebc0
Chromium VCC CVE-2014-3161
content/content_tests.gypi
-1
tools/metrics/histograms/histograms.xml
-7
webkit/renderer/media/android/webmediaplayer_android.cc
+9 -41
webkit/renderer/media/android/webmediaplayer_android.h
-8
webkit/renderer/media/media_info_loader.cc
-185
webkit/renderer/media/media_info_loader.h
-122
webkit/renderer/media/media_info_loader_unittest.cc
-193
webkit/renderer/media/webkit_media.gypi
-2
expand_less