summaryrefslogtreecommitdiffstats
path: root/dom
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2020-08-28 06:46:12 +0000
committerMoonchild <moonchild@palemoon.org>2020-08-30 11:58:32 +0000
commit549c8b9283314fb98ee6f6068ad55f1ab38f7c5f (patch)
tree89f46d7bfc57fde52226e029a824ff6d23a0915c /dom
parent77e8ba7eaf3ca00f25d0507cf17de2f50741f335 (diff)
downloadUXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.gz
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.lz
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.xz
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.zip
[media] Only include source error details in debugging scenarios.
Unless a user is debugging media errors, this detail is unnecessary to report and could include sensitive data which could be abused by third-party requesters. This aligns it with the standard success/error paradigms in normal browsing situations.
Diffstat (limited to 'dom')
-rw-r--r--dom/html/HTMLMediaElement.cpp14
1 files changed, 13 insertions, 1 deletions
diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp
index bc63eab51..4abc202a8 100644
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -9,6 +9,7 @@
#include "mozilla/dom/HTMLSourceElement.h"
#include "mozilla/dom/ElementInlines.h"
#include "mozilla/dom/Promise.h"
+#include "mozilla/Preferences.h"
#include "mozilla/ArrayUtils.h"
#include "mozilla/MathAlgorithms.h"
#include "mozilla/AsyncEventDispatcher.h"
@@ -1245,7 +1246,18 @@ void HTMLMediaElement::NoSupportedMediaSourceError(const nsACString& aErrorDetai
if (mDecoder) {
ShutdownDecoder();
}
- mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+
+ // aErrorDetails can include sensitive details like MimeType or HTTP Status
+ // Code. We should not leak this and pass a Generic Error Message unless the
+ // user has explicitly enabled error reporting for debugging purposes.
+ bool reportDetails = Preferences::GetBool("media.sourceErrorDetails.enabled", false);
+ if (reportDetails) {
+ mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+ } else {
+ mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED,
+ NS_LITERAL_CSTRING("Failed to open media"));
+ }
+
ChangeDelayLoadStatus(false);
UpdateAudioChannelPlayingState();
RejectPromises(TakePendingPlayPromises(), NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR);