HTML5 Audio player skipping cookies
I am using Firefox latest version to test my website running mp3 files fetched via proxy We are using cookie authentication to validate user and play audio file Here is our current implementation
We send a request to our media proxy with a user token and it validates and set a cookie in response with a mp3 URL We set this mp3 URL in audio src and cookie is saved in browser
The problem is that <audio> player fetch media from src but it does not send the cookie we saved for that media proxy instead it does not send a single request cookie although in our XHR call we were sending many cookies
When no cookie is sent to our media proxy a 401 response is sent and audio player stops
Here are some requests from workflow
XHR Response
HTTP/2.0 200 OK date: Mon, 03 Jun 2019 07:21:45 GMT content-type: text/plain;charset=UTF-8 content-length: 10 access-control-allow-credentials: true access-control-allow-origin: https://consumer.example.com set-cookie: x-id-token=********** expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary: Accept-Encoding server: cloudflare cf-ray: 4e0fe97e6ccfd791-MRS X-Firefox-Spdy: h2
XHR Request
Host: media.example.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://consumer.example.com/listen/uuid Origin: https://consumer.example.com Connection: keep-alive Cookie: ajs_anonymous_id=%22f6ae4eca-8ea9-4560-86e3-627457ef4a81%22; _gat=1; __cfduid=d695230e812d89679db4755d7f0b1cc311559546465; optimizelyEndUserId=oeu1559546469968r0.12488801925201709; tracking-preferences={%22version%22:1%2C%22destinations%22:{%22Amazon%20Kinesis%22:true%2C%22Branch%20Metrics%22:true%2C%22Google%20Analytics%22:true%2C%22MailChimp%22:true%2C%22Optimizely%22:true}%2C%22custom%22:{%22marketingAndAnalytics%22:true%2C%22advertising%22:true%2C%22functional%22:true}}; ajs_user_id=%221bd49c39-b295-4e31-87af-1ac3745190fb%22; ajs_group_id=null; _ga=GA1.2.1103036539.1559546471; _gid=GA1.2.2051257759.1559546471; fbsstage=*****
After this request i see that X-Id-Token cookie set in browser but in a subsequent call to same URL not even a single cookie is sent although in above request 4-5 cookies were sent
Subsequent Request
Host: media.example.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0 Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Referer: https://consumer.example.com/listen/uuid Range: bytes=0- Origin: https://consumer.example.com Connection: keep-alive TE: Trailers expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 4e0fe9823aecd791-MRS X-Firefox-Spdy: h2
This works fine in chrome as the cookie is sent in all requests but not in firefox. There is no CORS issue in browser console. I see only these errors from audio player AbortError: The fetching process for the media resource was aborted by the user agent at the user's request. AbortError: The operation was aborted. AbortError: The operation was aborted.
This happened because the media fetch call returned 401 because cookie was not present Can anyone tell me whats wrong here?
Wšykne wótegrona (7)
I think that you should report this issue on the https://bugzilla.mozilla.org/enter_bug.cgi page.
You can create a new profile to test if your current profile is causing the problem.
See "Creating a profile":
- https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
- http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over problems.
Okay, so what domain/path is this cookie set for:
hassnainalvi said
XHR Response
HTTP/2.0 200 OK date: Mon, 03 Jun 2019 07:21:45 GMT content-type: text/plain;charset=UTF-8 content-length: 10 access-control-allow-credentials: true access-control-allow-origin: https://consumer.example.com set-cookie: x-id-token=********** expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary: Accept-Encoding server: cloudflare cf-ray: 4e0fe97e6ccfd791-MRS X-Firefox-Spdy: h2
If you are viewing a page on consumer.example.com and open the Storage Inspector using Shift+F9, can you check the domain and see whether the cookie was set for the base site (example.com) or only for the specific host (consumer.example.com) or even worse, for a specific path?
jscher2000 said
Okay, so what domain/path is this cookie set for: hassnainalvi saidXHR Response
HTTP/2.0 200 OK date: Mon, 03 Jun 2019 07:21:45 GMT content-type: text/plain;charset=UTF-8 content-length: 10 access-control-allow-credentials: true access-control-allow-origin: https://consumer.example.com set-cookie: x-id-token=********** expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary: Accept-Encoding server: cloudflare cf-ray: 4e0fe97e6ccfd791-MRS X-Firefox-Spdy: h2If you are viewing a page on consumer.example.com and open the Storage Inspector using Shift+F9, can you check the domain and see whether the cookie was set for the base site (example.com) or only for the specific host (consumer.example.com) or even worse, for a specific path?
The cookie is set for media.example.com domain because the set cookie response is received from media domain
Wót hassnainalvi
You would have to set a domain cookie for domain=.example.com to make Firefox send this cookie.
cor-el said
You would have to set a domain cookie for domain=.example.com to make Firefox send this cookie.
I tried it settings it but it still does not work The cookie is present when i check site-data but firefox does not send it with .mp3 (media) requests. Everything works fine in Chrome
Here is what i understand from my testing This specific issue happens when the media call is sent with bytes range Everything works fine and all cookies are attached to the request when the call is made with the header below: Range: bytes=0-
But as soon as the next chunk is fetched and header change to anything like > Range: bytes=18644992-
It just stop working and does not send a single cookie although in the working scenario it sends all five cookies for example.com domain