I have noticed that the HTML5 video/audio player (AppleCoreMedia) on mobile Safari on iOS 7 excludes all cookies, even first-party cookies. Not even sessions cookies are included in the HTTP-header. This makes it impossible to relay on cookie authorization when playing a video clip in mobile Safari on iOS 7.
All cookies are included correctly running iOS 6 but on iOS 7 no cookies are included in the HTTP-header of AppleCoreMedia.
Can some one else confirm this issue on iOS 7?
Steps to reproduce is:
- Create a cookie on a web page.
- Play a HTML5 video clip on the same web page using mobile Safari in iOS 7.
- Check the server logs for AppleCoreMedia and look for the cookie.
Update 2016-09-20: The video player in iOS 10 (AppleCoreMedia) is not able to read session cookies. Only cookies set with an expire date is readable by the video player.
For iOS10, if you respond with a 403 forbidden, AppleCoreMedia will somehow try again but this time with the missing cookies. If you have code that redirects to login page when the session cookie is missing, video will not work on iOS 10.
I have developed a simple test where you can check if your iOS device have this bug.
Read more about the test here!
The bug continues to exists in iOS 7.1
Obviously Apple is ignoring this bug and I can not understand why since it affects so many users.
I have been running some tests on a iOS 7.1 device that had this problem and it is pretty clear that the bug is related to the private browsing feature. Turning private browsing on and then off fixes the problem on the device.
I'm still seeing problems with iOS 7.0.4, unfortunately. Is the below consistent with what you're seeing or is this perhaps another type of issue?
My test server is running Moodle on Apache and one user can consistently replicate this with two iPads on iOS 7.0.4. The HTTP 407s in the logs below is a Moodle thing. As you can see the cookie is not sent with the range requests:
access_log:
xxx.yyy.zzz.227 - - [22/Nov/2013:23:11:18 +0000] "GET /pluginfile.php/21/mod_videofile/videos/0/trailer_test.mp4 HTTP/1.1" 200 3711807 "http://xyz.bitnamiapp.com/mod/videofile/view.php?id=2" "Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53"
xxx.yyy.zzz.227 - - [22/Nov/2013:23:11:19 +0000] "GET /pluginfile.php/21/mod_videofile/videos/0/trailer_test.mp4 HTTP/1.1" 407 12818 "-" "AppleCoreMedia/1.0.0.11B554a (iPad; U; CPU OS 7_0_4 like Mac OS X; en_us)"
...
forensic_log:
+Uo-kj38AAAEAAH0O5MEAAAAJ|GET /pluginfile.php/21/mod_videofile/videos/0/trailer_test.mp4 HTTP/1.1|Host:xyz.bitnamiapp.com|Referer:http%3a//xyz.bitnamiapp.com/mod/videofile/view.php?id=2|Accept-Encoding:gzip, deflate|Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language:en-us|Cookie:MoodleSession=24gkspshgl8027k3l7p2cor631|Connection:keep-alive|DNT:1|User-Agent:Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
+Uo-kkH8AAAEAAB2cL4IAAAAA|GET /pluginfile.php/21/mod_videofile/videos/0/trailer_test.mp4 HTTP/1.1|Host:xyz.bitnamiapp.com|Range:bytes=0-1|X-Playback-Session-Id:DF1039A4-571B-4EB8-BFFB-EF07CD730CA2|Accept-Encoding:identity|Accept:*/*|Accept-Language:en-us|Connection:keep-alive|User-Agent:AppleCoreMedia/1.0.0.11B554a (iPad; U; CPU OS 7_0_4 like Mac OS X; en_us)
-Uo-kj38AAAEAAH0O5MEAAAAJ
-Uo-kkH8AAAEAAB2cL4IAAAAA
...
Using iOS 7.0.2, I am seeing cookies included in the request. Here's my user agent header:
User-Agent: AppleCoreMedia/1.0.0.11A501 (iPad; U; CPU OS 7_0_2 like Mac OS X; en_us)
This problem is not yet fixed by Apple. We are continuously receiving reports from our users running iOS 7.0.6 that they are not able to play video clips because no cookies are included in the header.
And for many users, turning safari into private mode, and then back to normal, does not fix the problem.
I have also noted that Dropbox wrote in their blog that they have reverted back to url token authenticating because of problems of these kind with video players.
Apple is continuously ignoring our bug report so this bug will probably not be fixed for a long time.
I'm hearing on the grapevine that iOS 10.2 will contain a fix for this problem
I had similar problems with cookies on iOS 7.0.3, but they are fixed now with iOS 7.0.4. Let's hope it stays this way.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 该账号已被封号 的文章《HTML5 video/audio player on mobile Safari (iOS 7 &》','https://www.manongdao.com/article-217829.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}