HTML5 Mobile Audio Autplay on cross-iframes does not work when sandbox="allow-same-origin"
Reported by
spieleum...@gmail.com,
Aug 4 2017
|
||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Steps to reproduce the problem: 1. Load an external Audio source not based on the domain 2. set the sandbox mode to allow-same-origin 3. open the page in mobile mode audio wont autoload 4. open the page in desktop the fiel will autoload What is the expected behavior? I would expect that the audio plays in mobile mode when it's allowed as same origin What went wrong? The audio file did not autplay in mobile mode... Did this work before? No Chrome version: 60.0.3112.90 Channel: stable OS Version: 10.0 Flash Version: https://www.chromestatus.com/feature/6406908126691328
,
Aug 4 2017
document.domain to (test.com) on both sides didn't neither work to solve the problem. The contet was hosted on same domain, just different subdomains. ww2.test.com ww3.test.com
,
Aug 7 2017
Routing to iframe sandbox.
,
Aug 7 2017
,
Aug 24 2017
@Adding TE-NeedsTriageHelp, as TE doesn't have the scope of loading an external audio file.
,
Oct 5 2017
,
Oct 25 2017
mkwst@, from reading https://html.spec.whatwg.org/multipage/origin.html#sandboxing it's not clear is the bug is actually a bug. Regardless, the code is using `GetDocument().IsSandboxed(kSandboxAutomaticFeatures)` which I expect to take into account all sandboxing rules. Is this assumption correct?
,
Oct 25 2017
You need to allow scripts in order for automatic features like autoplay to work. Does `sandbox="allow-same-origin allow-scripts"` give you the same issue, spieleumsonst@?
,
Oct 25 2017
The iframe used got sandbox="allow-same-origin allow-scripts" in it for testing. A HTML5-Game was hosted on my subdomain xyz.test.com and both sites got set to document.domain="test.com" The issue: A game xyz.test.com/gamepath/ got iframed on www.test.com did not autoplay game music !!on mobile!! even though the document.domain was set and sandbox="allow-same-origin allow-scripts" activaed That's the issue case! I expect that a game hosted on my subdomain can play music auto as on desktop. Since it's on the same top-level-domain
,
Oct 25 2017
Does the autoplay work if no sandbox is present? The intervention you pointed to looks like it could be relevant. If so, do you have an example page you could point me to?
,
Oct 25 2017
Test those pages on mobile chrome and you will see what i mean. http://www.spiele-umsonst.de/gametest.php -> Game Hosted on other subdomain Does not play any music at all Used: http://gameshtml5.spiele-umsonst.de/html5games/puzzle/loottheking2/ltk2/ http://www.spiele-umsonst.de/gametest2.php -> Game Hosted on same subdomain Plays music in mobile chrome automatically Used: http://www.spiele-umsonst.de/azad/downloads/html5games/puzzle/loottheking2/ltk2/
,
Oct 25 2017
There is no way I can make it autoplay even thou its the same top-level-domain and i allow the iframe. Also trying document.domain won't help here. So it's a dead end. Chrome simply needs to allow playing audio in mobile on same top-level-domains of course.
,
Oct 25 2017
It looks like you're getting hit by the intervention you noted above. I think there's a bit of confusion about `sandbox="allow-same-origin"`: that attribute does not make the sandboxed frame same-origin with its parent. Instead, it allows the frame to have the same origin it would normally have if it wasn't sandboxed. (e.g. `<iframe sandbox src="https://example.com/"></iframe>` has an opaque origin, while `<iframe sandbox="allow-same-origin" src="https://example.com/"></iframe>` has an origin of `https://example.com`). The frame is still cross-origin to its parent, which means the intervention will kick in. Handing this back to mlamouri@ to confirm, but based on that intervention, I believe the behavior you're seeing is intentional.
,
Oct 25 2017
Hello, if this is really the intention that a top-level-domain can't autoplay from it's own subdomain, then the intention should be discussed and reverted in my opinion. For the user experience it's really bad. A lot of html5 games won't be re-coded just because of this. So the games simply won't play audio for them even it's on the same top-level-domain. I know this issue will be still alive for older games on a complete different domain which is bad enough, but for your own domain it should still work in my opinion. This is really the big downside on html5 games. All were bashing on flash games, but literally making things not working anymore, as they used, will only happen to Javascript based stuff. Because there is no guarantee of backward compatible. As we can see here. A few month ago all sounds worked fine until chrome switched to not autoplay it. Now 90% of the games, made before, are without sound all the time, if hosted from a subdomain or other top-level-domain #wouldneverhappentoflash
,
Oct 26 2017
With the new autoplay policy, you will be able to delegate the user gesture of the main frame to a x-origin frame, see bug 715049 .
,
Nov 10 2017
,
Feb 8 2018
,
Feb 18 2018
,
May 11 2018
You can fix this with `allow=autoplay` set on the iframe, such as `<iframe allow=autoplay>`, see https://developers.google.com/web/updates/2017/09/autoplay-policy-changes#iframe |
||||||||||||
►
Sign in to add a comment |
||||||||||||
Comment 1 by spieleum...@gmail.com
, Aug 4 2017