Title: [218609] trunk/Source/WebCore
Revision
218609
Author
dba...@webkit.org
Date
2017-06-20 15:04:31 -0700 (Tue, 20 Jun 2017)

Log Message

Skip Content Security Policy check for a media request using standard schemes initiated from
an element in user agent shadow tree
https://bugs.webkit.org/show_bug.cgi?id=155505
<rdar://problem/25169452>

Reviewed by Brent Fulgham.

This change makes the following tests pass on iOS 11:
    http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
    http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html

* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::requestResource):
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::startLoading):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (218608 => 218609)


--- trunk/Source/WebCore/ChangeLog	2017-06-20 20:45:36 UTC (rev 218608)
+++ trunk/Source/WebCore/ChangeLog	2017-06-20 22:04:31 UTC (rev 218609)
@@ -1,3 +1,21 @@
+2017-06-20  Daniel Bates  <daba...@apple.com>
+
+        Skip Content Security Policy check for a media request using standard schemes initiated from
+        an element in user agent shadow tree
+        https://bugs.webkit.org/show_bug.cgi?id=155505
+        <rdar://problem/25169452>
+
+        Reviewed by Brent Fulgham.
+
+        This change makes the following tests pass on iOS 11:
+            http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
+            http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
+
+        * loader/MediaResourceLoader.cpp:
+        (WebCore::MediaResourceLoader::requestResource):
+        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+        (WebCore::WebCoreAVFResourceLoader::startLoading):
+
 2017-06-20  Andreas Kling  <akl...@apple.com>
 
         Remove no-op calls to purge SQLite caches on memory pressure.

Modified: trunk/Source/WebCore/loader/MediaResourceLoader.cpp (218608 => 218609)


--- trunk/Source/WebCore/loader/MediaResourceLoader.cpp	2017-06-20 20:45:36 UTC (rev 218608)
+++ trunk/Source/WebCore/loader/MediaResourceLoader.cpp	2017-06-20 22:04:31 UTC (rev 218609)
@@ -76,8 +76,8 @@
         request.makeUnconditional();
 #endif
 
-    // FIXME: Skip Content Security Policy check if the element that initiated this request is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
-    CachedResourceRequest cacheRequest(WTFMove(request), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
+    ContentSecurityPolicyImposition contentSecurityPolicyImposition = m_mediaElement && m_mediaElement->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
+    CachedResourceRequest cacheRequest(WTFMove(request), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, contentSecurityPolicyImposition, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
     cacheRequest.setAsPotentiallyCrossOrigin(m_crossOriginMode, *m_document);
     if (m_mediaElement)
         cacheRequest.setInitiator(*m_mediaElement.get());
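Review bot: The new `contentSecurityPolicyImposition` line replaces the only comment that explained this CSP decision, so the reason a request may now bypass the page's policy is no longer stated next to the code that bypasses it. Because `SkipPolicyCheck` is security-sensitive, I would add a comment above it such as `// Media elements in a user-agent shadow tree are created by the engine, not by page content, so the page's CSP is not applied to their loads.` (confirm the wording against bug 155505). The commit title limits the skip to standard schemes, but no scheme condition is visible in this hunk; if that restriction follows from which loader handles which schemes, the comment should say so. Parenthesising the ternary condition would also make the long line easier to read. The enclosing requestResource body starts and ends outside the hunk.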

Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm (218608 => 218609)


--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm	2017-06-20 20:45:36 UTC (rev 218608)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm	2017-06-20 22:04:31 UTC (rev 218609)
@@ -71,7 +71,7 @@
     resourceRequest.setPriority(ResourceLoadPriority::Low);
 
     // FIXME: Skip Content Security Policy check if the element that inititated this request
-    // is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
+    // is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=173498>.
     CachedResourceRequest request(WTFMove(resourceRequest), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
     if (auto* loader = m_parent->player()->cachedResourceLoader())
         m_resource = loader->requestMedia(WTFMove(request));
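Review bot: After this commit the two media loaders differ in CSP behaviour, and the FIXME above `CachedResourceRequest request(...)` does not say so: it reads as if nothing has been done, while MediaResourceLoader now skips the check for elements in a user-agent shadow tree. I would reword it to something like `// FIXME: Unlike MediaResourceLoader, this path still applies CSP to requests initiated from a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=173498>.` so the remaining `DoPolicyCheck` reads as the conservative default and not as an oversight. The context line also misspells "initiated" as "inititated", which could be fixed while the comment is being touched. startLoading's body starts and ends outside the hunk.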