media: Require SecureContext for EME APIs

In this CL requestMediaKeySystemAccess() requires SecureContext. On
non-SecureContext, this API will not be visible.

Some notes for future reference:
1. file:// is always treated as SecureContext.
2. file:// is not a unique origin. The origin string is "file://".
3. LoadFromData is treated as non-SecureContext. See the updated [1]
   in this CL.
4. LoadFromData is also treated as unique origin. This is what [1]
   used to test without this CL.
5. allowFileAccessFromFileURLs has nothing to do with SecureContext.
   Rather it controls whether you can load other files from file://.
   - So if you run a simple html page on file://, and that file
     doesn't depend on any other file, you don't need
     allowFileAccessFromFileURLs. This is why for [2] we don't
     really need allowFileAccessFromFileURLs.
   - If the html page depends on other js files, without
     allowFileAccessFromFileURLs, those js files will not be loaded.
     This will cause a lot of test failures. That's why in content
     shell, we have allowFileAccessFromFileURLs enabled by default.

[1] third_party/WebKit/LayoutTests/media/encrypted-media/encrypted-media-unique-origin.html
[2] android_webview/test/shell/assets/key-system-test.html

BUG=672605
TEST=Manually tested and made sure EME APIs are not available on
insecure origins.

Review-Url: https://codereview.chromium.org/2678433003
Cr-Commit-Position: refs/heads/master@{#449344}

12 files changed