Make playback fail if redirected to a different origin.

Fixing spec compliance.
http://dev.w3.org/html5/spec/Overview.html#concept-media-load-resource

BUG=72578
TEST=BufferedResourceLoaderTest.HasSingleOrigin(), SimpleDataSourceTest.HasSingleOrigin()

Review URL: http://codereview.chromium.org/6580014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76064 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 10 insertions, 0 deletions

diff --git a/webkit/glue/media/simple_data_source.cc b/webkit/glue/media/simple_data_source.cc
index 07f75878..fee89fe 100644
--- a/webkit/glue/media/simple_data_source.cc
+++ b/webkit/glue/media/simple_data_source.cc
@@ -113,11 +113,21 @@ void SimpleDataSource::willSendRequest(
     WebKit::WebURLRequest& newRequest,
     const WebKit::WebURLResponse& redirectResponse) {
   DCHECK(MessageLoop::current() == render_loop_);
+  base::AutoLock auto_lock(lock_);
 
   // Only allow |single_origin_| if we haven't seen a different origin yet.
   if (single_origin_)
     single_origin_ = url_.GetOrigin() == GURL(newRequest.url()).GetOrigin();
 
+  // Enforce same-origin policy and cause redirects to other origins to
+  // look like network errors.
+  // http://dev.w3.org/html5/spec/Overview.html#concept-media-load-resource
+  // http://dev.w3.org/html5/spec/Overview.html#fetch
+  if (!single_origin_) {
+    DoneInitialization_Locked(false);
+    return;
+  }
+
   url_ = newRequest.url();
 }