Bug 214932

Summary: web audio api outputs silence for 302 redirected resource in safari
Product: WebKit Reporter: Nico <hubblebot>
Component: Web AudioAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: aakash_jain, ap, cdumez, chrisguttandin, commit-queue, darin, eric.carlson, ews-watchlist, ggaren, glenn, hubblebot, jer.noble, mike, philipj, ryanhaddad, sergio, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 13   
Hardware: All   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=184866
Bug Depends on: 216923    
Bug Blocks: 212611    
Attachments:
Description Flags
Patch ews-feeder: commit-queue-

Description Nico 2020-07-29 12:51:10 PDT 
In Safari, when an AudioContext is assigned to an audio element linked to a source with a 302 redirect in front of it, it outputs silence instead of normal audio without any errors in the log. By contrast, Chrome and Firefox have no issues with the same source.

See the demo with a simple visualizer and three options to attach the source and play the audio:

The first option links directly to the media source with a 200 response, assigns the AudioContext, and plays correctly in safari. 

The second option shows the issue when the link instead goes to a 302 redirect before going to the source audio, and outputs silence when the AudioContext is assigned.

The third option attaches the 302 redirect resource, but does not assign an AudioContext, and plays correctly in safari.
Comment 1 Radar WebKit Bug Importer 2020-07-29 17:02:58 PDT 
<rdar://problem/66300050>
Comment 2 Chris Dumez 2020-07-30 09:31:07 PDT 
I wonder if this is a regression from https://trac.webkit.org/changeset/231513/webkit.
Comment 3 Nico 2020-07-30 10:50:23 PDT 
I originally thought it was a CORS issue because the behavior seems to be specified in the web audio spec https://www.w3.org/TR/webaudio/#MediaElementAudioSourceOptions-security

But I haven't been able to resolve the issue with Access-Control-Allow-Origin, Access-Control-Expose-Headers, or Access-Control-Allow-Methods, which suggests to me that it's taking issue with the redirect itself for some reason
Comment 4 Chris Dumez 2020-07-30 10:51:32 PDT 
(In reply to Nico from comment #3)
> I originally thought it was a CORS issue because the behavior seems to be
> specified in the web audio spec
> https://www.w3.org/TR/webaudio/#MediaElementAudioSourceOptions-security
> 
> But I haven't been able to resolve the issue with
> Access-Control-Allow-Origin, Access-Control-Expose-Headers, or
> Access-Control-Allow-Methods, which suggests to me that it's taking issue
> with the redirect itself for some reason

Probably because the redirect is cross-origin. My bet is that a same-origin redirect would cause no issue.
Comment 5 Nico 2020-07-30 11:13:51 PDT 
(In reply to Chris Dumez from comment #4)
> (In reply to Nico from comment #3)
> > I originally thought it was a CORS issue because the behavior seems to be
> > specified in the web audio spec
> > https://www.w3.org/TR/webaudio/#MediaElementAudioSourceOptions-security
> > 
> > But I haven't been able to resolve the issue with
> > Access-Control-Allow-Origin, Access-Control-Expose-Headers, or
> > Access-Control-Allow-Methods, which suggests to me that it's taking issue
> > with the redirect itself for some reason
> 
> Probably because the redirect is cross-origin. My bet is that a same-origin
> redirect would cause no issue.


Gotcha — it's a bug and not a feature in this case, I hope?
Comment 6 Chris Dumez 2020-07-30 11:41:43 PDT 
This is caused by this check:
--- a/Source/WebCore/Modules/webaudio/MediaElementAudioSourceNode.cpp
+++ b/Source/WebCore/Modules/webaudio/MediaElementAudioSourceNode.cpp
@@ -107,8 +107,8 @@ void MediaElementAudioSourceNode::setFormat(size_t numberOfChannels, float sourc
 
 bool MediaElementAudioSourceNode::wouldTaintOrigin()
 {
-    if (!m_mediaElement->hasSingleSecurityOrigin())
-        return true;
+    //if (!m_mediaElement->hasSingleSecurityOrigin())
+    //    return true;
 
     if (m_mediaElement->didPassCORSAccessCheck())
         return false;

If I comment it out then it passes. Seems we are stricter than other browsers here and likely not matching the spec [1]. Hopefully, Jer and Youenn can help here. I think Jer made this change and Youenn is the Fetch expert (since Fetch spec is referenced here).

[1] https://www.w3.org/TR/webaudio/#MediaElementAudioSourceOptions-security
Comment 7 Chris Dumez 2020-09-23 15:06:59 PDT 
Created attachment 409504 [details]
Patch
Comment 8 EWS 2020-09-23 16:06:27 PDT 
commit-queue failed to commit attachment 409504 [details] to WebKit repository.
Comment 9 EWS 2020-09-23 16:25:36 PDT 
Committed r267507: <https://trac.webkit.org/changeset/267507>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 409504 [details].
Comment 10 Aakash Jain 2020-09-24 04:20:58 PDT 
(In reply to EWS from comment #9)
> Committed r267507: <https://trac.webkit.org/changeset/267507>
These 2 newly added tests are consistently failing on windows, as also indicated by EWS.

http/tests/security/webaudio-render-remote-audio-allowed-crossorigin-redirect.html
http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin-redirect.html

History: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=js%2Fdom%2Ftransform-stream.html&test=http%2Ftests%2Fsecurity%2Fwebaudio-render-remote-audio-blocked-no-crossorigin-redirect.html&platform=win
Comment 11 Aakash Jain 2020-09-24 04:47:19 PDT 
Also these tests seems to be causing false positives on EWS as well.
e.g.: https://ews-build.webkit.org/#/builders/10/builds/37152
Comment 12 WebKit Commit Bot 2020-09-24 04:48:04 PDT 
Re-opened since this is blocked by bug 216923
Comment 13 Chris Dumez 2020-09-24 08:23:32 PDT 
Committed r267532: <https://trac.webkit.org/changeset/267532>