[Webkit-unassigned] [Bug 178551] New: PLaying HLS on HTML5 doesn't respect cookies from another domain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 19 16:36:38 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=178551
Bug ID: 178551
Summary: PLaying HLS on HTML5 doesn't respect cookies from
another domain
Product: WebKit
Version: Safari 11
Hardware: iPhone / iPad
OS: iOS 11
Status: NEW
Severity: Normal
Priority: P2
Component: Media Elements
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ealarcon at altavoz.net
The new third party policy of cookies, blocks all cookies from a third party media server, making it impossible to track the state of the player.
The RFC specifically states:
HTTP requests often include session state ("cookies"), which may
contain private user data. Implementations MUST follow cookie
restriction and expiry rules specified by "HTTP State Management
Mechanism" [RFC6265] to protect themselves from attack. See also the
Security Considerations section of that document, and "Use of HTTP
State Management" [RFC2964].
Besides still not supporting MSE.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171019/9c268dce/attachment.html>
More information about the webkit-unassigned
mailing list