[Webkit-unassigned] [Bug 178551] New: PLaying HLS on HTML5 doesn't respect cookies from another domain

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 19 16:36:38 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=178551

            Bug ID: 178551
           Summary: PLaying HLS on HTML5 doesn't respect cookies from
                    another domain
           Product: WebKit
           Version: Safari 11
          Hardware: iPhone / iPad
                OS: iOS 11
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media Elements
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ealarcon at altavoz.net

The new third party policy of cookies, blocks all cookies from a third party media server, making it impossible to track the state of the player.

The RFC specifically states:

   HTTP requests often include session state ("cookies"), which may
   contain private user data.  Implementations MUST follow cookie
   restriction and expiry rules specified by "HTTP State Management
   Mechanism" [RFC6265] to protect themselves from attack.  See also the
   Security Considerations section of that document, and "Use of HTTP
   State Management" [RFC2964].

Besides still not supporting MSE.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171019/9c268dce/attachment.html>

More information about the webkit-unassigned mailing list