We are not handling protection events coming from the pipeline arriving directly at the decryptors. This means only the first events will be ok since it will the ones we'll get during qtdemux self-configuration, then it won't perform the context request. I sanctioned removing this on r231633 and it was wrong.
A failing test case for this would be great.
(In reply to Charlie Turner from comment #1)
> A failing test case for this would be great.
Yes, it would. I would expect the W3C could have some but I don't know if they use MSE only (haven't checked this, but it wouldn't surprise me).