Crossorigin and Credentials for Audio

[izderadicka]

Hi,

when you creating audio element in code you fix crossorigin to anonymous audio.crossOrigin = "anonymous";.

This causes problem with servers, which would require some credentials to be included with requests, value use-credentials fixes this problem.
However just using it in all cases will probably break some other uses cases, because then there are more strict rules for URLs and CORS headers. Ideally this should be choice when creating Webamp.

P.S. Thanks for Webamp, it is cool, I have been using winamp for years in past century :-)

[captbaritone]

Oh interesting. Good point. Do you think it makes sense to have this be configurable on a per-Webamp-instance level, or perhaps as an optional field on the audio track itself? In theory someone might want to mix tracks served from different servers.

[izderadicka]

Hi,
thanks for quick response,
for my use case configurable option on Webamp instance is fine for me.
Use case is:

1. Authenticate with a site, this will result with some credentials - usually cookies,
2. Open Webamp instance
3. Load a playlist from that site to Webamp
4. Eventually choose another playlist from that side and go to 3

There might be theoretically use case for per audio track option, but that would be bit complex case to have a mix - because you have to decide per url - do I need to send credentials to that site (and you'll need to have them in browser already) or opposite - if I set "use-credentials' for this particular URL, will it not break it down - because it's not secure, or server does not provide right CORS header.
For me it'll work as well - I'll just set same - use-credentials - for all items in play list.