[copied from my reply to the related issue mentioned above]
I was able to reproduce an issue using the HTML 5 audio tag and the drupal_goto method in Drupal. In both cases, in Safari 5.0.5 and Safari 5.1.2, in the apache logs, the initial requests to the page include the authenticated user, but the request to download the audio file or the request to go to a new page somehow did not send the authentication information because the request in the log doesn't include anything.
So for example, I am authenticated by apache and submit a form. The page processes the form then uses drupal_goto to redierct to another page. From Chrome, the following appears in the apache log:
::1 - tom [02/Feb/2012:17:23:46 -0500] "POST /drupal/node/6?q=node/6 HTTP/1.1" 302 502
::1 - tom [02/Feb/2012:17:23:46 -0500] "GET /drupal/node/8 HTTP/1.1" 200 3019
When I do the same thing in Safari:
::1 - tom [02/Feb/2012:17:25:50 -0500] "POST /drupal/node/6?q=node/6 HTTP/1.1" 302 502
::1 - - [02/Feb/2012:17:25:50 -0500] "GET /drupal/node/8 HTTP/1.1" 401 401
::1 - tom [02/Feb/2012:17:25:55 -0500] "GET /drupal/node/8 HTTP/1.1" 200 3019
The request after the goto doesn't include authentication information - and I have to put in my username and password.
This is an annoyance in the case of redirection - having to reauthenticate every time - but in the case of HTML 5 audio it is fatal. The audio file specified in the source tag simply does not load.
This is the apache access log for when my html 5 audio page is not protected by apache auth:
127.0.0.1 - - [01/Mar/2012:09:20:06 -0500] "GET /play.html HTTP/1.1" 304 -
127.0.0.1 - - [01/Mar/2012:09:20:07 -0500] "GET /res/myaudiofile.m4a HTTP/1.1" 304 -
This is the apache access log for when my
127.0.0.1 - eric [01/Mar/2012:09:20:48 -0500] "GET /play.html HTTP/1.1" 200 1247
127.0.0.1 - - [01/Mar/2012:09:20:48 -0500] "GET /res/myaudiofile.m4a HTTP/1.1" 401 490
Notice that the first request I'm authenticated (after passing my username) and I show up as "eric". The second request is equivalent to an anonomous request and thus results in a 401 authentication error which occurs "when authentication is possible but has failed or not yet been provided". It is as though Safari is not sending the authentication information required on subsequent requests if the request is a resource from html 5 audio or as the result of a redirect.