[media] Only include source error details in debugging scenarios.
parent
f9bd1dc92c
commit
855a412394
|
@ -9,6 +9,7 @@
|
||||||
#include "mozilla/dom/HTMLSourceElement.h"
|
#include "mozilla/dom/HTMLSourceElement.h"
|
||||||
#include "mozilla/dom/ElementInlines.h"
|
#include "mozilla/dom/ElementInlines.h"
|
||||||
#include "mozilla/dom/Promise.h"
|
#include "mozilla/dom/Promise.h"
|
||||||
|
#include "mozilla/Preferences.h"
|
||||||
#include "mozilla/ArrayUtils.h"
|
#include "mozilla/ArrayUtils.h"
|
||||||
#include "mozilla/MathAlgorithms.h"
|
#include "mozilla/MathAlgorithms.h"
|
||||||
#include "mozilla/AsyncEventDispatcher.h"
|
#include "mozilla/AsyncEventDispatcher.h"
|
||||||
|
@ -1245,7 +1246,18 @@ void HTMLMediaElement::NoSupportedMediaSourceError(const nsACString& aErrorDetai
|
||||||
if (mDecoder) {
|
if (mDecoder) {
|
||||||
ShutdownDecoder();
|
ShutdownDecoder();
|
||||||
}
|
}
|
||||||
mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
|
|
||||||
|
// aErrorDetails can include sensitive details like MimeType or HTTP Status
|
||||||
|
// Code. We should not leak this and pass a Generic Error Message unless the
|
||||||
|
// user has explicitly enabled error reporting for debugging purposes.
|
||||||
|
bool reportDetails = Preferences::GetBool("media.sourceErrorDetails.enabled", false);
|
||||||
|
if (reportDetails) {
|
||||||
|
mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
|
||||||
|
} else {
|
||||||
|
mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED,
|
||||||
|
NS_LITERAL_CSTRING("Failed to open media"));
|
||||||
|
}
|
||||||
|
|
||||||
ChangeDelayLoadStatus(false);
|
ChangeDelayLoadStatus(false);
|
||||||
UpdateAudioChannelPlayingState();
|
UpdateAudioChannelPlayingState();
|
||||||
RejectPromises(TakePendingPlayPromises(), NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR);
|
RejectPromises(TakePendingPlayPromises(), NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR);
|
||||||
|
|
|
@ -5432,3 +5432,12 @@ pref("prompts.authentication_dialog_abuse_limit", 0);
|
||||||
|
|
||||||
// Whether module scripts (<script type="module">) are enabled for content.
|
// Whether module scripts (<script type="module">) are enabled for content.
|
||||||
pref("dom.moduleScripts.enabled", true);
|
pref("dom.moduleScripts.enabled", true);
|
||||||
|
|
||||||
|
// Report details when a media source error occurs?
|
||||||
|
// Enabled by default in debug builds, otherwise should be explicitly enabled
|
||||||
|
// by the user to prevent XO leaking of the response status (CVE-2020-15666)
|
||||||
|
#ifdef DEBUG
|
||||||
|
pref("media.sourceErrorDetails.enabled", true);
|
||||||
|
#else
|
||||||
|
pref("media.sourceErrorDetails.enabled", false);
|
||||||
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue