From 0c89e67eb5bf2d82596d0c697831787cbbdf1e7f Mon Sep 17 00:00:00 2001 From: Callum Prentice Date: Fri, 20 Aug 2021 08:28:48 -0700 Subject: DRTVWR-534: Batch of modifications to 360 capture project after moving from internal repo to public one. --- indra/media_plugins/cef/media_plugin_cef.cpp | 41 +++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 4 deletions(-) (limited to 'indra/media_plugins') diff --git a/indra/media_plugins/cef/media_plugin_cef.cpp b/indra/media_plugins/cef/media_plugin_cef.cpp index 8465285d2b..2f2f25b612 100644 --- a/indra/media_plugins/cef/media_plugin_cef.cpp +++ b/indra/media_plugins/cef/media_plugin_cef.cpp @@ -65,7 +65,7 @@ private: void onTooltipCallback(std::string text); void onLoadStartCallback(); void onRequestExitCallback(); - void onLoadEndCallback(int httpStatusCode); + void onLoadEndCallback(int httpStatusCode, std::string url); void onLoadError(int status, const std::string error_text); void onAddressChangeCallback(std::string url); void onOpenPopupCallback(std::string url, std::string target); @@ -92,6 +92,8 @@ private: bool mDisableGPU; bool mDisableNetworkService; bool mUseMockKeyChain; + bool mDisableWebSecurity; + bool mFileAccessFromFileUrls; std::string mUserAgentSubtring; std::string mAuthUsername; std::string mAuthPassword; @@ -127,6 +129,8 @@ MediaPluginBase(host_send_func, host_user_data) mDisableGPU = false; mDisableNetworkService = true; mUseMockKeyChain = true; + mDisableWebSecurity = false; + mFileAccessFromFileUrls = false; mUserAgentSubtring = ""; mAuthUsername = ""; mAuthPassword = ""; @@ -260,13 +264,14 @@ void MediaPluginCEF::onRequestExitCallback() //////////////////////////////////////////////////////////////////////////////// // -void MediaPluginCEF::onLoadEndCallback(int httpStatusCode) +void MediaPluginCEF::onLoadEndCallback(int httpStatusCode, std::string url) { LLPluginMessage message(LLPLUGIN_MESSAGE_CLASS_MEDIA_BROWSER, "navigate_complete"); //message.setValue("uri", event.getEventUri()); // not easily available here in CEF - needed? message.setValueS32("result_code", httpStatusCode); message.setValueBoolean("history_back_available", mCEFLib->canGoBack()); message.setValueBoolean("history_forward_available", mCEFLib->canGoForward()); + message.setValue("uri", url); sendMessage(message); } @@ -355,14 +360,16 @@ const std::vector MediaPluginCEF::onFileDialog(dullahan::EFileDialo } else if (dialog_type == dullahan::FD_SAVE_FILE) { + mPickedFiles.clear(); mAuthOK = false; LLPluginMessage message(LLPLUGIN_MESSAGE_CLASS_MEDIA, "file_download"); + message.setValueBoolean("blocking_request", true); message.setValue("filename", default_file); sendMessage(message); - return std::vector(); + return mPickedFiles; } return std::vector(); @@ -523,7 +530,7 @@ void MediaPluginCEF::receiveMessage(const char* message_string) mCEFLib->setOnTitleChangeCallback(std::bind(&MediaPluginCEF::onTitleChangeCallback, this, std::placeholders::_1)); mCEFLib->setOnTooltipCallback(std::bind(&MediaPluginCEF::onTooltipCallback, this, std::placeholders::_1)); mCEFLib->setOnLoadStartCallback(std::bind(&MediaPluginCEF::onLoadStartCallback, this)); - mCEFLib->setOnLoadEndCallback(std::bind(&MediaPluginCEF::onLoadEndCallback, this, std::placeholders::_1)); + mCEFLib->setOnLoadEndCallback(std::bind(&MediaPluginCEF::onLoadEndCallback, this, std::placeholders::_1, std::placeholders::_2)); mCEFLib->setOnLoadErrorCallback(std::bind(&MediaPluginCEF::onLoadError, this, std::placeholders::_1, std::placeholders::_2)); mCEFLib->setOnAddressChangeCallback(std::bind(&MediaPluginCEF::onAddressChangeCallback, this, std::placeholders::_1)); mCEFLib->setOnOpenPopupCallback(std::bind(&MediaPluginCEF::onOpenPopupCallback, this, std::placeholders::_1, std::placeholders::_2)); @@ -562,6 +569,19 @@ void MediaPluginCEF::receiveMessage(const char* message_string) settings.disable_network_service = mDisableNetworkService; settings.use_mock_keychain = mUseMockKeyChain; #endif + // these were added to facilitate loading images directly into a local + // web page for the prototype 360 project in 2017 - something that is + // disallowed normally by the browser security model. Now the the source + // (cubemap) images are stores as JavaScript, we can avoid opening up + // this security hole (it was only set for the 360 floater but still + // a concern). Leaving them here, explicitly turn off vs removing + // entirely from this source file so that others are aware of them + // in the future. + settings.disable_web_security = false; + settings.file_access_from_file_urls = false; + + settings.flash_enabled = mPluginsEnabled; + // This setting applies to all plugins, not just Flash // Regarding, SL-15559 PDF files do not load in CEF v91, // it turns out that on Windows, PDF support is treated @@ -688,6 +708,11 @@ void MediaPluginCEF::receiveMessage(const char* message_string) std::string uri = message_in.getValue("uri"); mCEFLib->navigate(uri); } + else if (message_name == "execute_javascript") + { + std::string code = message_in.getValue("code"); + mCEFLib->executeJavaScript(code); + } else if (message_name == "set_cookie") { std::string uri = message_in.getValue("uri"); @@ -883,6 +908,14 @@ void MediaPluginCEF::receiveMessage(const char* message_string) { mDisableGPU = message_in.getValueBoolean("disable"); } + else if (message_name == "web_security_disabled") + { + mDisableWebSecurity = message_in.getValueBoolean("disabled"); + } + else if (message_name == "file_access_from_file_urls") + { + mFileAccessFromFileUrls = message_in.getValueBoolean("enabled"); + } } else if (message_class == LLPLUGIN_MESSAGE_CLASS_MEDIA_TIME) { -- cgit v1.2.3