HTML5 Audio, Web Audio API, CORS and Firefox

5
votes

I have been trying to get this to run correctly so days now with no luck.

I have created a custom audio player, that accesses an MP3 on a S3 Amazon server. The audio player has custom controls enabled by Javascript, and a Audio Visualizer made possible by the Web Audio API.

Now the problem I am running into is this: Work fine on Chrome. Safari out right says it can't run the Web Audio API, but the audio will still play. In Firefox, the entire thing shuts down. Click play... nothing. I thought it was a CORS issue, so we set the proper headers on the server and still nothing. BUT... if I deactivate the Web Audio API visualizer, then I can get the player to play just fine.

http://jsfiddle.net/murphy1976/yqqf7uL1/1/

Here is my jFiddle. I have separated the Audio Player controls Script from the Visualizer Script with comments so you can see how it will work in Firefox, and how it will NOT work in Firefox.

I read somewhere that this issue that I'm running into MAY be a bug with Firefox. I just want to make sure so that I can stop beating my skull over this.

Could I put a call to CORS here?:

<source crossorigin="anonymous" src="audioFiles/35022797.mp3" id="srcMP3" type="audio/mp3">
2
javascripthtmlfirefoxaudiocross-domain
Does your server serve the audio resource with an Access-Control-Allow-Origin: * response header? Generally, a script cannot read cross-origin resources unless it is allowed by a CORS response header from the server when the the resource is served. (If you are not serving CORS responses, it appears that Chrome is wrong here to allow you to read the resource.)apsillers
@apsillers we have followed the proper steps outlined here: docs.aws.amazon.com/AmazonS3/latest/dev/cors.html and are still unable to get that header. All we can get is a Error: Access Denied. I guess I am confused as to why I don't get this error in Chrome or Safari.Murphy1976
It appears that Firefox ignores CORS headers that should allow it to read cross-origin audio files, per this bug. It appears that Chrome is too permissive (plays even when CORS is missing) and Firefox is too strict (does not play even when CORS is present). Is it possible to host the media on the same origin as your player?apsillers
Unfortunately, due to the nature of our business, that is not an option. If its a bug, then it's a bug, and we just have to wait until it is resolved or fixed. Thank you once again for your assistance.Murphy1976
The Web Audio API has a ways to go before it will see widespread mature implementation (that bug is over a year old). A possible solution you could implement now would be to use a same-origin reverse proxy to fetch the media (e.g., http://myorigin.com/fetch?path=http://otherorigin.com/song.mp3). You'd need to set up a server to fetch the media and serve it on your origin. (Note it will not work for credential-protected content.)apsillers

2 Answers

23
votes

The same-origin policy says that scripts run on some origin cannot read resources from another origin. (An origin is a domain, plus a scheme and port, like http://foo.example.com:80.)

Note that the same-origin policy does not prevent cross-origin media from being displayed to the user. Rather, it prevents scripts from programmatically reading cross-origin resources. Consider the <img> tag: a page on example.com can show a cross-origin image from other.com, but a script on example.com's page cannot read the contents of that image. The user can see it; the page cannot.

The Web Audio API can read the contents of audio files. If an audio file is from a different origin, this kind of reading is not allow by the same-origin policy. A user can listen to a cross-origin audio file, but a script on the page cannot read the contents of the file. When you attempt to feed a cross-origin audio file into an analyzer script (e.g., so that you can draw a visualization on a canvas), the same-origin policy should stop you. You are attempting to violate the same-origin policy, and the browser is correctly stopping you by refusing to play the audio in way that would allow you to read the file contents.

Note that Chrome does not prevent such cross-origin file reading for audio files, and this is incorrect behavior.

The correct solution is to have your media servers serve the audio files with a CORS Access-Control-Allow-Origin: * HTTP response header. However, this currently does not work in Firefox, which is incorrect behavior. If Firefox hopes to have a compliant implementation, this will be fixed eventually.

0
votes

Confirmed that there is a bug in Firefox for using the createMediaElementSource method on a cross domain source:

https://bugzilla.mozilla.org/show_bug.cgi?id=937718