[Webkit-unassigned] [Bug 178551] PLaying HLS on HTML5 doesn't respect cookies from another domain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 19 18:03:46 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=178551
--- Comment #2 from Jer Noble <jer.noble at apple.com> ---
(In reply to ealarcon from comment #0)
> The new third party policy of cookies, blocks all cookies from a third party
> media server, making it impossible to track the state of the player.
>
> The RFC specifically states:
>
> HTTP requests often include session state ("cookies"), which may
> contain private user data. Implementations MUST follow cookie
> restriction and expiry rules specified by "HTTP State Management
> Mechanism" [RFC6265] to protect themselves from attack. See also the
> Security Considerations section of that document, and "Use of HTTP
> State Management" [RFC2964].
>
> Besides still not supporting MSE.
Can you provide a test case? And is this behavior any different for image resources?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171020/5578b547/attachment.html>
More information about the webkit-unassigned
mailing list