jumpcutter icon indicating copy to clipboard operation
jumpcutter copied to clipboard
verified publisher icon WofWca

Cross-origin restriction circumvention?

Open WofWca opened this issue 3 years ago • 5 comments

We can't directly analyze audio from video elements whose source is cross-origin, although they can be played back just fine. And this applies to many websites (Zoom call recordings, Invidious, Google Drive videos, many others).

Currently what we're doing is suggest opening the source directly in a new tab: image

But would be cool if it just worked somehow. Preferably without violating what's cross-origin restriction is made for -

leaking information to the script where the cross-origin media element is played - you could say that information about which parts are silent and which are not could be considered that? But e.g. accessing `el.duration` can be considered this too? So maybe the cross-origin restriction in itself doesn't make too much sense in the first place? Or maybe it must also restrict the loading and playback of the media at all?)

Somewhat of an option is to contact the website owners and ask them to apply the required cross-origin headers to the source (I think it's Access-Control-Allow-Origin?) but you can't contact them all.

More info:

  • The responsible Web Audio API part of the spec: https://webaudio.github.io/web-audio-api/#MediaElementAudioSourceOptions-security
  • An issue related to this, with some suggested solutions: https://github.com/WebAudio/web-audio-api/issues/2453
  • HTMLMediaElement's spec, search for "cross": https://html.spec.whatwg.org/multipage/media.html#security-and-privacy-considerations
  • Same issue in a similar extension: https://github.com/vantezzen/skip-silence/issues/71

Advice or thoughts are appreciated (as always).

WofWca avatar Apr 21 '22 13:04 WofWca

wait how did u detect the likelihood of media being unsupported?

abhi-neelam avatar Oct 21 '23 06:10 abhi-neelam

@LoneCoder21

It's this check

https://github.com/WofWca/jumpcutter/blob/81b4e507b68d9f7c50e90161326edc65038ae28c/src/entry-points/content/helpers/isSourceCrossOrigin.ts#L37

See the comment:

https://github.com/WofWca/jumpcutter/blob/c63821f8f61c41f66f790018f795db49778b0c14/src/entry-points/content/AllMediaElementsController.ts#L96-L115

So it's not like we detect an actual likelihood expressed as a number between 0 and 100%, but rather "it's cross-origin, so it's probably not gonna work".

WofWca avatar Oct 21 '23 11:10 WofWca

Oh i see. I had this issue in my extension too so I'll just use this option 😞

abhi-neelam avatar Oct 21 '23 20:10 abhi-neelam