Open
Bug 1475681
Opened 6 years ago
Updated 2 years ago
Page CSP can break seeking to unbuffered position (in mp3 playback)
Categories
(Core :: Audio/Video: Playback, defect, P3)
Core
Audio/Video: Playback
Tracking
()
REOPENED
Tracking | Status | |
---|---|---|
firefox63 | --- | wontfix |
firefox64 | --- | wontfix |
firefox65 | --- | fix-optional |
firefox66 | --- | fix-optional |
People
(Reporter: rowbot, Unassigned)
References
(Depends on 1 open bug)
Details
(Keywords: regression, Whiteboard: [webcompat] [media-playback])
STR:
1) Visit the URL at [1]
2) Seek to an unbuffered position.
The playback stops and cannot be resumed. Bug 1190558 looks similar, but that seemed to be about Android.
[1] https://trowbotham.com/bug_tests/4159_1332269164.mp3
Reporter | ||
Comment 1•6 years ago
|
||
Looks like this regressed 2015-10-27, unfortunately mozregression wasn't able to narrow it down any further:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e8c7dfe727cd970e2c3294934e2927b14143c205&tochange=9a8f2342fb3116d23989087e026448d38a3768c5
Updated•6 years ago
|
Has Regression Range: --- → yes
Keywords: regression
Comment 2•6 years ago
|
||
I can also reproduce this bug in a current nightly, Jean-Yves is that something that falls into your bucket?
Flags: needinfo?(jyavenard)
Comment 3•6 years ago
|
||
:janh is this something you could look into?
thank you
Flags: needinfo?(jyavenard) → needinfo?(jh+bugzilla)
Comment 4•6 years ago
|
||
I can take an initial look.
Updated•6 years ago
|
Assignee: nobody → jh+bugzilla
Priority: -- → P2
Reporter | ||
Comment 5•6 years ago
|
||
Hi Jan,
Thanks investigating this and for filing bug 1479516. I quickly tested a change in my .htaccess file to unset the Content-Security-Policy header when loading a file with a .mp3 extension and that resolved the issue I reported in this bug, I'll go ahead and close this bug. I reverted the change, however, so that it may be of use in resolving bug 1479516.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Comment 6•6 years ago
|
||
Yes, I was going to write that this was presumably caused by your CSP [1], however our behaviour here might still be worth investigating, as it's a bit strange that the initial load (or any loads from the disk cache, provided we manage to download the whole file and store it there) succeeds, but additional requests caused by seeking to outside of the currently buffered range are then blocked by the CSP.
Someone other than me needs to decide what our behaviour here should be and then take this further, though, so unassigning myself again.
For completeness, these are the CSP headers sent by your server:
> block-all-mixed-content; connect-src 'self'; default-src 'none'; font-src 'self' https://cdnjs.cloudflare.com; img-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.google-analytics.com; style-src 'self' https://ajax.googleapis.com https://cdnjs.cloudflare.com; report-uri https://trowbotham.report-uri.io/r/default/csp/enforce
[1]:
> Content Security Policy: The page’s settings blocked the loading of a resource at https://trowbotham.com/bug_tests/4159_1332269164.mp3 (“default-src”).
Assignee: jh+bugzilla → nobody
Status: RESOLVED → REOPENED
Flags: needinfo?(jh+bugzilla)
Priority: P2 → --
Resolution: WORKSFORME → ---
Summary: Seeking to unbuffered position breaks playback on mp3 → Page CSP can break seeking to unbuffered position breaks playback on mp3
Updated•6 years ago
|
Summary: Page CSP can break seeking to unbuffered position breaks playback on mp3 → Page CSP can break seeking to unbuffered position (in mp3 playback)
Reporter | ||
Comment 7•6 years ago
|
||
The media type here is likely irrelevant. I was using a snippet of code from the HTML5 Boilerplate Project (H5BP) to handle when not to send the CSP header. The list at [1] are the file extensions for which the CSP header is not sent [2], on my server at any rate, and likely any other server that uses the H5BP.
I would have to agree that this requires some more investigation. Having the browser's built-in pages affected by a site's CSP seems wrong to me.
[1] https://github.com/h5bp/server-configs-apache/blob/master/src/files_match_pattern
[2] https://github.com/h5bp/server-configs-apache/blob/master/src/security/content-security-policy.conf
Reporter | ||
Comment 9•6 years ago
|
||
Sigh... sorry for the bug spam. Meant to be depends on.
Updated•6 years ago
|
Rank: 15
Priority: -- → P2
Comment 10•6 years ago
|
||
If this is similar to bug 1190558, this is still on our regression radar. Nils, is this actively being looked at?
Flags: needinfo?(drno)
Updated•6 years ago
|
Flags: webcompat?
Whiteboard: [webcompat]
Updated•6 years ago
|
Comment 11•6 years ago
|
||
(In reply to Jan Henning [:JanH] from comment #6)
> Yes, I was going to write that this was presumably caused by your CSP [1],
> however our behaviour here might still be worth investigating, as it's a bit
> strange that the initial load (or any loads from the disk cache, provided we
> manage to download the whole file and store it there) succeeds, but
> additional requests caused by seeking to outside of the currently buffered
> range are then blocked by the CSP.
>
this is due to the media cache layer between the demuxer and the HTTP resource.
the media cache download continuously by block of 32kB regardless of how much the demuxer is requesting.
Even when you seek in the resource, the Media Cache may decide to continue the current download and provide that range. Downloading continuously to get to where we wanted is often less expensive than opening a new http request.
Updated•6 years ago
|
status-firefox64:
--- → wontfix
status-firefox65:
--- → fix-optional
status-firefox66:
--- → fix-optional
Comment 12•6 years ago
|
||
Migrating Webcompat whiteboard priorities to project flags. See bug 1547409.
Webcompat Priority: --- → ?
Comment 13•6 years ago
|
||
See bug 1547409. Migrating whiteboard priority tags to program flags.
Updated•5 years ago
|
Webcompat Priority: ? → ---
Updated•5 years ago
|
Priority: P2 → P3
Whiteboard: [webcompat] → [webcompat] [media-playback]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•