Bug 1642729 Comment 17 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

If we have a way to check the image specified by the URL is secure, then we don't need to download the image. We can forward the URL that has been checked to the MPRIS interface directly.
If we have a way to check the image specified by the URL is secure, then we don't need to download the image. We can forward the URL that has been checked to the MPRIS interface directly.

> The passed URL will be loaded via `asyncOpen` in `nsIChannel`. For `http` or `https` case, [`nsHttpChannel::AsyncOpen`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6469) will be called. It seems some [*content security check*](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) is done there.

Now the security-check is done by `nsHttpChannel::AsyncOpen` through [`FetchImageHelper::FetchImage()`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/dom/media/mediacontrol/FetchImageHelper.cpp#28). So if the image could be fetched successfully, then we can assume it's a secure URL. Then the URL could be forwarded to MPRIS directly, instead of saving a local copy from the fetched image. Is this approach better?
If we have a way to check the image specified by the URL is secure, then we don't need to download the image. We can forward the URL that has been checked to the MPRIS interface directly.

> The passed URL will be loaded via `asyncOpen` in `nsIChannel`. For `http` or `https` case, [`nsHttpChannel::AsyncOpen`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6469) will be called. It seems some [*content security check*](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) is done there.

Now the security-check is done by `nsHttpChannel::AsyncOpen`, through [`FetchImageHelper::FetchImage()`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/dom/media/mediacontrol/FetchImageHelper.cpp#28). So if the image could be fetched successfully, then we can assume it's a secure URL. Then the URL could be forwarded to MPRIS directly, instead of saving a local copy from the fetched image. Is this approach better?
If we have a way to check the image specified by the URL is secure, then we don't need to download the image. We can forward the URL that has been checked to the MPRIS interface directly.

> The passed URL will be loaded via `asyncOpen` in `nsIChannel`. For `http` or `https` case, [`nsHttpChannel::AsyncOpen`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6469) will be called. It seems some [*content security check*](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) is done there.

Now the security-check is done by `nsHttpChannel::AsyncOpen`, via [`FetchImageHelper::FetchImage()`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/dom/media/mediacontrol/FetchImageHelper.cpp#28). So if the image could be fetched successfully, then we can assume it's a secure URL. Then the URL could be forwarded to MPRIS directly, instead of saving a local copy from the fetched image. Is this approach better?
If we have a way to check the image specified by the URL is secure, then we don't need to download the image. We can forward the URL that has been checked to the MPRIS interface directly.

> The passed URL will be loaded via `asyncOpen` in `nsIChannel`. For `http` or `https` case, [`nsHttpChannel::AsyncOpen`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6469) will be called. It seems some [*content security check*](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) is done there.

Now the security-check is done by [`nsContentSecurityManager`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) in `nsHttpChannel::AsyncOpen`, via [`FetchImageHelper::FetchImage()`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/dom/media/mediacontrol/FetchImageHelper.cpp#28). So if the image could be fetched successfully, then we can assume it's a secure URL. Then the URL could be forwarded to MPRIS directly, instead of saving a local copy from the fetched image. Is this approach better?
If we have a way to check the image specified by the URL is secure, then we don't need to download the image. We can forward the URL that has been checked to the MPRIS interface directly.

> The passed URL will be loaded via `asyncOpen` in `nsIChannel`. For `http` or `https` case, [`nsHttpChannel::AsyncOpen`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6469) will be called. It seems some [*content security check*](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) is done there.

Now the security-check is done by [`nsContentSecurityManager`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/netwerk/protocol/http/nsHttpChannel.cpp#6471-6472) in `nsHttpChannel::AsyncOpen`, via [`FetchImageHelper::FetchImage()`](https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/dom/media/mediacontrol/FetchImageHelper.cpp#28). Assume that check does the right job. As a result, if the image could be fetched successfully, then we can assume the URL specifying the image is secure. Then the URL could be forwarded to MPRIS directly, instead of saving a local copy from the fetched image and forwarding its path. Is this approach better?

Back to Bug 1642729 Comment 17