[Webkit-unassigned] [Bug 178551] Playing HLS on HTML5 doesn't respect cookies from another domain

bugzilla-daemon at webkit.org
Thu Oct 26 11:24:50 PDT 2017


--- Comment #8 from Jer Noble <jer.noble at apple.com> ---
(In reply to ealarcon from comment #7)
> Yes, the cookies are used to track every player instance specifically
> because every player instance needs something different that changes over
> time, you can't change the URL of a video or audio tag while playing without
> restarting, or can you?

No, but why should the client change its identifier mid-playback? The token just tells the server which player is doing the requesting; if the server needs to change, mid session, there's no reason for the session identifier to change as well.  And importantly, there's nothing the client can do to change what cookie is sent to the third-party origin, even when third-party cookie blocking is disabled; all the changes must take place server-side, not client-side.  At least with the identifier technique, the client could use the identifier to make side-channel requests of the media server.

Anyway, I'm not trying to tell you how this feature should be implemented; I'm just pointing out that Set-Cookie is not the right tool for the job, and that other techniques exist.
