On a dev site, i've been testing mp4 files for html5 play in safari. The native player loads and plays the mp4 files fine, even without the correct MIME type declaration. But, if I add AuthType Basic to my .htaccess the files fail sometimes fail to play and sometimes play in the quicktime player.
After logging in with a valid user why would this directive stop mp4 files from playing correctly?
I suspect this is related to the the way Safari sandboxes media playback. It seems like the the page authenticates but the video file is treated as a totally separate request requiring its own login. That second authentication request fails on certain configurations and the transfer hangs waiting for credentials.
The only solution I've found, which is less than ideal, is to specifically exempt mp4 files from authentication. Add the following to the site's .htaccess file and mp4 files will be playable without logging in.
Keep in mind that if someone knew the exact path of the video files they would be able to view the files without logging in.
# Exempt movies from password protection to prevent extra login prompts
<Files ~ "\.(mp4|m4v)">
AddType video/mp4 mp4
order allow,deny
allow from all
satisfy any
</Files>
Note: The tilde tells Apache to match at the end of the filename, not in the home directory.
I was able to recreate this behavior on Lion (10.7.5) with Safari 6.02. Mountain Lion (10.8.2) with Safari 6.02 presented a second authentication window and played the videos correctly.
The only other thing, which I doubt, is that the server mime-types need to be explicitly set for mp4 playback. The second rule of the .htaccess block takes care of this, just in case.
still have the same problem. some people solved it, while adding the mime types to their .htaccess file (didn t work for me) :
AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/mp4 .mov
AddType video/webm .webm
at the moment i m using your already mentioned "add Satisfy All" in htaccess (see code below):
<FilesMatch mp4>
Satisfy any
order allow,deny
allow from all
</FilesMatch>
it s not really a solution, since the files are now accessible, if you know the direct link to the files...for my case still ok, but looking forward to a real working solution!
I'm basically taking what @longilong and @joemailer suggested and made a more complete one for our purposes in the .htaccess:
AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/mp4 .mov
AddType video/x-m4v .m4v
AddType video/webm .webm
# Exempt movies from password protection to prevent extra login prompts
<Files ~ "\.(ogv|mp4|mov|m4v|webm)$">
order allow,deny
allow from all
satisfy any
</Files>
the only work around i've found is to add Satisfy All directive in the directory where the media is. but of course, this is potentially available outside of the authenticated area. so, it's not an acceptable solution.
I have been having the same problem. I am not sure why this is so, but i have found a way to get Safari (I'm using version 6.0.2) to load the video files in a sub-directory of a password protected directory (.htaccess authentication). It does work if I add my login credentials to the system keychain. I am guessing that the requests for the resources are not being sent with the proper authentication. This is why the Satisfy any solution works: the resources no longer need the authentication.
I can just guess. but if you use basic authentication, the first thing that happens is that your server answer with 401 RESULT CODE. Then the browser popup with username/password dialog. The player may have problems to get the correct content now. Try work out this with Firefox and Firefox plugin to read the net-access to verify. Maybe you can solve it with having a authentication first.
