[Webkit-unassigned] [Bug 178551] PLaying HLS on HTML5 doesn't respect cookies from another domain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 26 11:08:20 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=178551
Jer Noble <jer.noble at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #6 from Jer Noble <jer.noble at apple.com> ---
I generated some test pages which load <video> and <img> resources in a third-party context, and where those resources respond with a Set-Cookie header. In both the case for <video> and <img>, the cookies are not sent with the next request for the same resource. This is as intended. Here's why:
The entire purpose of third-party cookie blocking is to disallow requests to a third-party origin from setting cookies, at all.
However, for your use case, cookies are not the correct tool to be using; cookies are saved across page reload, and potentially across browser instances, and it sounds like you're trying to track individual player instances. If you want to track per-player instance, I suggest you try adding a UUID parameter to the playlist URL. You could even do an XHR to the media server to request the session ID to use first (assuming you set the correct CORS headers on the media server). These techniques are perfectly compatible with third-party cookie blocking, and even 1st party cookie blocking.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171026/c0a9293a/attachment-0001.html>
More information about the webkit-unassigned
mailing list