[EME] Bug 26332 - Require secure origins (e.g. HTTPS).
author David Dorwin <ddorwin@google.com>
Fri, 24 Oct 2014 10:02:25 -0700
changeset 487 896eb33b68a2
parent 486 42ac6086a28a
child 488 be9998cf708c
encrypted-media/encrypted-media-respec.html
encrypted-media/encrypted-media.html
encrypted-media/encrypted-media.js
--- a/encrypted-media/encrypted-media-respec.html	Thu Oct 23 12:09:03 2014 -0700
+++ b/encrypted-media/encrypted-media-respec.html	Fri Oct 24 10:02:25 2014 -0700
@@ -314,8 +314,6 @@
               Otherwise, it is resolved with a new MediaKeySystemAccess object.
             </p>
 
-            <p class="issue"><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332">Bug 26332</a> - This method may be required to fail on non-secure origins.</p>
-
             <dl class='parameters'>
               <dt>DOMString keySystem</dt>
               <dd>
@@ -331,6 +329,7 @@
             <ol class="method-algorithm">
               <li><p>If <var title="true">keySystem</var> is an empty string, return a promise rejected with <a def-id="new-domexception-named"></a> <a def-id="InvalidAccessError"></a>.</p></li>
               <li><p>If <var title="true">supportedConfigurations</var> was provided and is empty, return a promise rejected with <a def-id="new-domexception-named"></a> <a def-id="InvalidAccessError"></a>.</p></li>
+              <li><p>If the <a def-id="origin"></a> of the calling context's <a def-id="document-concept"></a> is not an <a def-id="authenticated-origin"></a> [[!MIXED-CONTENT]], return a promise rejected with <a def-id="new-domexception-named"></a> <a def-id="NotSupportedError"></a>.</p>
               <li><p>If <var title="true">keySystem</var> is not one of the <a def-id="keysystems"></a> supported by the user agent, return a promise rejected with <a def-id="new-domexception-named"></a> <a def-id="NotSupportedError"></a>. String comparison is case-sensitive.</p></li>
               <li><p>Let <var>promise</var> be a new promise.</p></li>
               <li><p>Run the following steps asynchronously:</p>
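Review bot: The added authenticated-origin step opens `<li><p>` and closes `</p>` but never closes `</li>`, unlike the sibling steps directly above and below it. HTML parsers imply the end tag, but the generated encrypted-media.html in this same changeset then carries a stray `</li><li>` at the start of the following step. Add the closing `</li>` at the end of the new line so the source matches the other steps and the generated output stays clean.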
--- a/encrypted-media/encrypted-media.html	Thu Oct 23 12:09:03 2014 -0700
+++ b/encrypted-media/encrypted-media.html	Fri Oct 24 10:02:25 2014 -0700
@@ -445,7 +445,7 @@
   </p>
   <h1 class="title p-name" id="title" property="dcterms:title">Encrypted Media Extensions</h1>
   
-  <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2014-10-23T19:08:38.000Z" id="w3c-editor-s-draft-23-october-2014"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2014-10-23">23 October 2014</time></h2>
+  <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2014-10-24T17:00:05.000Z" id="w3c-editor-s-draft-24-october-2014"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2014-10-24">24 October 2014</time></h2>
   <dl>
     
       <dt>This version:</dt>
@@ -795,8 +795,6 @@
               Otherwise, it is resolved with a new MediaKeySystemAccess object.
             </p>
 
-            <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_3"><span>Issue 3</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332">Bug 26332</a> - This method may be required to fail on non-secure origins.</p></div>
-
             
 
             
@@ -808,12 +806,13 @@
               </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;<a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a>&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
               <li><p>If <var title="true">keySystem</var> is an empty string, return a promise rejected with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">InvalidAccessError</a></code>.</p></li>
               <li><p>If <var title="true">supportedConfigurations</var> was provided and is empty, return a promise rejected with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">InvalidAccessError</a></code>.</p></li>
-              <li><p>If <var title="true">keySystem</var> is not one of the <a href="#key-system">Key Systems</a> supported by the user agent, return a promise rejected with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>. String comparison is case-sensitive.</p></li>
+              <li><p>If the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of the calling context's <a href="http://dom.spec.whatwg.org/#concept-document">Document</a> is not an <a href="http://www.w3.org/TR/mixed-content/#authenticated-origin">authenticated origin</a> [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>], return a promise rejected with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p>
+              </li><li><p>If <var title="true">keySystem</var> is not one of the <a href="#key-system">Key Systems</a> supported by the user agent, return a promise rejected with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>. String comparison is case-sensitive.</p></li>
               <li><p>Let <var>promise</var> be a new promise.</p></li>
               <li><p>Run the following steps asynchronously:</p>
                 <ol>
                   <li><p>If <var title="true">keySystem</var> is not supported or not allowed in the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of the calling context's <a href="http://dom.spec.whatwg.org/#concept-document">Document</a>, return a promise rejected with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p>
-                    <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_4"><span>Issue 4</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923">Bug 25923</a> - It is TBD whether rejecting the promise is the correct behavior or whether the promise should instead be resolved with <code>null</code>.</p></div>
+                    <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_3"><span>Issue 3</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923">Bug 25923</a> - It is TBD whether rejecting the promise is the correct behavior or whether the promise should instead be resolved with <code>null</code>.</p></div>
                   </li>
                   <li><p>If <code>supportedConfigurations</code> was not provided, resolve the promise with a new <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object, execute the following steps:</p>
                     <ol>
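Review bot: The new authenticated-origin step rejects with `NotSupportedError`, the same exception name the very next step uses for an unsupported `keySystem`, so a page on a non-secure origin cannot tell "origin not allowed" apart from "key system not available". Consider a non-normative note after the new step saying that this rejection is what authors will see on non-authenticated origins, or a distinct exception name. The step also runs after the two `InvalidAccessError` argument checks; if the intent is that nothing about this method is usable from a non-authenticated origin, the origin check could be the first step.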
@@ -903,7 +902,7 @@
             The required video content type.
           </dd></dl></section>
   
-        <div class="issue"><div class="issue-title" aria-level="2" role="heading" id="h_issue_5"><span>Issue 5</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923">Bug 25923</a> - The structure of the <code>DOMString</code> members may change. If it is, other methods may be added.</p></div>
+        <div class="issue"><div class="issue-title" aria-level="2" role="heading" id="h_issue_4"><span>Issue 4</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923">Bug 25923</a> - The structure of the <code>DOMString</code> members may change. If it is, other methods may be added.</p></div>
   
         <p>Implementations <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> add members to the this dictionary.
           Should member(s) be added, they <em class="rfc2119" title="MUST">MUST</em> be of type MediaKeysRequirement, and it is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that they have default values of <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code> to support the widest range of application and client combinations.
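Review bot: The `id` on this issue box changes from `h_issue_5` to `h_issue_4` only because an earlier issue was removed, and the same shift repeats in the later hunks (`h_issue_6` to `h_issue_5`, `h_issue_7` to `h_issue_6`). Any existing link to `#h_issue_N` now lands on a different issue. The boxes already link to their Bugzilla entries, so references to open issues should cite the bug number rather than these positional fragments.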
@@ -1159,7 +1158,7 @@
             </li>
             <li><p>Return <var>promise</var>.</p></li>
           </ol></dd><dt id="widl-MediaKeySession-getUsableKeyIds-Promise-sequence-ArrayBuffer"><code>getUsableKeyIds</code></dt><dd>
-          <div class="issue"><div class="issue-title" aria-level="2" role="heading" id="h_issue_6"><span>Issue 6</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372">Bug 26372</a> - getUsableKeyIds() may be replaced.</p></div>
+          <div class="issue"><div class="issue-title" aria-level="2" role="heading" id="h_issue_5"><span>Issue 5</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372">Bug 26372</a> - getUsableKeyIds() may be replaced.</p></div>
           <p>Gets the key IDs for keys in the session that the CDM <em>knows</em> are currently usable to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.</p>
 
           
@@ -1784,7 +1783,7 @@
                           </dd>
                           <dt>If any of the <var title="true">available keys</var> corresponds to the <var title="">block key ID</var> and is unusable</dt>
                           <dd>
-                            <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_7"><span>Issue 7</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372">Bug 26372</a> - It is TBD whether anything should happen in this case.</p></div>
+                            <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_6"><span>Issue 6</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372">Bug 26372</a> - It is TBD whether anything should happen in this case.</p></div>
                           </dd>
                           </dl>
                           <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_44"><span>Note</span></div><p class="">Otherwise, there is no key for the <var title="true">block key ID</var> in any session so continue.</p></div>
--- a/encrypted-media/encrypted-media.js	Thu Oct 23 12:09:03 2014 -0700
+++ b/encrypted-media/encrypted-media.js	Fri Oct 24 10:02:25 2014 -0700
@@ -47,6 +47,10 @@
     link_helper(doc, df, 'http://www.w3.org/TR/html5/browsers.html#' + id, text);
   }
 
+  function mixedcontent_helper(doc, df, id, text) {
+    link_helper(doc, df, 'http://www.w3.org/TR/mixed-content/#' + id, text);
+  }
+
   function term_helper(doc, df, id, text) {
     link_helper(doc, df, url_helper(doc, '#' + id), text);
   }
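Review bot: `mixedcontent_helper` hardcodes the base URL `'http://www.w3.org/TR/mixed-content/#'` with the `http:` scheme, in a change whose purpose is to require secure origins. It follows the pattern of the existing helper in the context lines above, but consider `https://www.w3.org/TR/mixed-content/#` here, plus a short comment naming the spec, since the `authenticated-origin` entry added later in this file depends on that document keeping the anchor.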
@@ -304,6 +308,8 @@
 //    'effective-script-origin': { func: browsers_helper, fragment: 'effective-script-origin', link_text: 'effective script origin', },
     'cors-same-origin': { func: infrastructure_helper, fragment: 'cors-same-origin', link_text: 'CORS-same-origin', },
 
+    'authenticated-origin': { func: mixedcontent_helper, fragment: 'authenticated-origin', link_text: 'authenticated origin', },
+
 //    'contributors': { func: contributors_helper, fragment: '', link_text: '', },
   };