angler-fishThe Vulnerability History Project

Don't auto allow access to media devices unless a the security origin of the requester is the same as its ancestors.

      This adds a field in MediaStreamRequest to verify that the security origin of the requester is the same as its ancestors.
This field have to be set on the UI-thread and is therefore set just before sending the request to the UI.

BUG=448378
TEST= please see bug report

Review URL: https://codereview.chromium.org/795703003

Cr-Commit-Position: refs/heads/master@{#313904}
by Jackson the Koala 2015-01-30 12:42:50 UTC
commit ac8f9263b91c2b8b5c5ae7aa71af34c46f50d22d
Chromium
chrome/browser/media/media_stream_devices_controller.cc
-5
content/browser/frame_host/frame_tree_node.h
-4
content/browser/renderer_host/media/media_stream_manager.cc
+17 -22
content/browser/renderer_host/media/media_stream_ui_proxy.cc
+16 -41
content/browser/renderer_host/media/media_stream_ui_proxy.h
+2 -2
content/browser/renderer_host/media/media_stream_ui_proxy_unittest.cc
+40 -55
content/public/common/media_stream_request.cc
+1 -2
content/public/common/media_stream_request.h
+3 -3
expand_less