Opened 3 years ago

Last modified 3 years ago

#9396 new defect

incorrect handling of cookies for m3u8 playlists

Reported by: SoMuchForSubtlety
Owned by:
Priority: normal
Component: ffmpeg
Version:
Keywords: m3u8, cookie
Cc: SoMuchForSubtlety
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
ffmpeg discards cookies from 'Set-Cookie' headers when accessing m3u8 streams.

How to reproduce:
I'm trying to use ffmpeg to play an m3u8 playlist. When requesting the master playlist file, the server responds with a 'Set-Cookie' header.

ffmpeg correctly uses that cookie when requesting the first sub-playlist, but then discards it for all subsequent requests, leading to authentication failure.

❯ ffprobe -loglevel trace https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8\?kid\=1042\&exp\=1630168253\&ttl\=1440\&token\=p-xyz_\&start\=2021-08-27T15:45:17+00:00
ffprobe version 4.4 Copyright (c) 2007-2021 the FFmpeg developers
  built with gcc 11 (GCC)
  configuration: --prefix=/usr --bindir=/usr/bin --datadir=/usr/share/ffmpeg --docdir=/usr/share/doc/ffmpeg --incdir=/usr/include/ffmpeg --libdir=/usr/lib64 --mandir=/usr/share/man --arch=x86_64 --optflags='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' --extra-ldflags='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' --extra-cflags=' -I/usr/include/rav1e' --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvo-amrwbenc --enable-version3 --enable-bzlib --disable-crystalhd --enable-fontconfig --enable-frei0r --enable-gcrypt --enable-gnutls --enable-ladspa --enable-libaom --enable-libdav1d --enable-libass --enable-libbluray --enable-libcdio --enable-libdrm --enable-libjack --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libmysofa --enable-nvenc --enable-openal --enable-opencl --enable-opengl --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librsvg --enable-librav1e --enable-libsmbclient --enable-version3 --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libssh --enable-libsvtav1 --enable-libtheora --enable-libvorbis --enable-libv4l2 --enable-libvidstab --enable-libvmaf --enable-version3 --enable-vapoursynth --enable-libvpx --enable-vulkan --enable-libglslang --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxvid --enable-libxml2 --enable-libzimg --enable-libzvbi --enable-lv2 --enable-avfilter --enable-avresample --enable-libmodplug --enable-postproc --enable-pthreads --disable-static --enable-shared --enable-gpl --disable-debug --disable-stripping --shlibdir=/usr/lib64 --enable-lto --enable-libmfx 
--enable-runtime-cpudetect
  libavutil      56. 70.100 / 56. 70.100
  libavcodec     58.134.100 / 58.134.100
  libavformat    58. 76.100 / 58. 76.100
  libavdevice    58. 13.100 / 58. 13.100
  libavfilter     7.110.100 /  7.110.100
  libavresample   4.  0.  0 /  4.  0.  0
  libswscale      5.  9.100 /  5.  9.100
  libswresample   3.  9.100 /  3.  9.100
  libpostproc    55.  9.100 / 55.  9.100
[NULL @ 0x55ac9354cc40] Opening 'https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00' for reading
[https @ 0x55ac9354d8c0] Setting default whitelist 'http,https,tls,rtp,tcp,udp,crypto,httpproxy'
[tcp @ 0x55ac93550e40] Original list of addresses:
[tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Interleaved list of addresses:
[tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Starting connection attempt to 52.84.109.12 port 443
[tcp @ 0x55ac93550e40] Successfully connected to 52.84.109.12 port 443
[https @ 0x55ac9354d8c0] request: GET /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00 HTTP/1.1
User-Agent: Lavf/58.76.100
Accept: */*
Range: bytes=0-
Connection: close
Host: ott-video-cf.formula1.com
Icy-MetaData: 1


[https @ 0x55ac9354d8c0] header='HTTP/1.1 206 Partial Content'
[https @ 0x55ac9354d8c0] http_code=206
[https @ 0x55ac9354d8c0] header='Content-Type: application/x-mpegURL'
[https @ 0x55ac9354d8c0] header='Content-Length: 3133'
[https @ 0x55ac9354d8c0] header='Connection: close'
[https @ 0x55ac9354d8c0] header='Date: Fri, 27 Aug 2021 17:57:08 GMT'
[https @ 0x55ac9354d8c0] header='Server: nginx/1.18.0'
[https @ 0x55ac9354d8c0] header='Cache-Control: max-age=2'
[https @ 0x55ac9354d8c0] header='Access-Control-Allow-Origin: *'
[https @ 0x55ac9354d8c0] header='Access-Control-Allow-Credentials: true'
[https @ 0x55ac9354d8c0] header='X-Mediapackage-Request-Id: Root=1-61292774-5ede71692056c58345c60b7a'
[https @ 0x55ac9354d8c0] header='Vary: Accept-Encoding,Origin'
[https @ 0x55ac9354d8c0] header='Content-Range: bytes 0-3132/3133'
[https @ 0x55ac9354d8c0] header='Via: 1.1 4988aba3224481ada0837b985e86ef38.cloudfront.net (CloudFront)'
[https @ 0x55ac9354d8c0] header='X-Cff-Response: true'
[https @ 0x55ac9354d8c0] header='X-Cff-Request: true'
[https @ 0x55ac9354d8c0] header='Set-Cookie: playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_;Path=/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/;SameSite=None;Secure;'
[https @ 0x55ac9354d8c0] header='X-Cache: Miss from cloudfront'
[https @ 0x55ac9354d8c0] header='X-Amz-Cf-Pop: BUD50-C1'
[https @ 0x55ac9354d8c0] header='X-Amz-Cf-Id: 1yLpw9zRVtx1mKl4schta8A3Cts2RpnJzSeZlAEXDCET7v1gxvp5pA=='
[https @ 0x55ac9354d8c0] header=''
Probing hls score:100 size:2048
[hls @ 0x55ac9354cc40] Format hls probed with size=2048 and score=100
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-INDEPENDENT-SEGMENTS')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-I-FRAME-STREAM-INF:BANDWIDTH=128000,CODECS="avc1.4D401E",RESOLUTION=480x270,URI="index_7.m3u8?start=2021-08-27T15:45:17+00:00"')
[hls @ 0x55ac9354cc40] Can't support the subtitle(uri: index_15_0.m3u8?start=2021-08-27T15:45:17+00:00)
[hls @ 0x55ac9354cc40] Can't support the subtitle(uri: index_16_0.m3u8?start=2021-08-27T15:45:17+00:00)
[hls @ 0x55ac9354cc40] Can't support the subtitle(uri: index_17_0.m3u8?start=2021-08-27T15:45:17+00:00)
[hls @ 0x55ac9354cc40] Opening 'https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00' for reading
[tcp @ 0x55ac93b10380] Original list of addresses:
[tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Interleaved list of addresses:
[tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Starting connection attempt to 52.84.109.36 port 443
[tcp @ 0x55ac93b10380] Successfully connected to 52.84.109.36 port 443
[https @ 0x55ac93859c80] request: GET /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00 HTTP/1.1
User-Agent: Lavf/58.76.100
Accept: */*
Range: bytes=0-
Connection: keep-alive
Host: ott-video-cf.formula1.com
Cookie: playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_
Icy-MetaData: 1


[https @ 0x55ac93859c80] header='HTTP/1.1 206 Partial Content'
[https @ 0x55ac93859c80] http_code=206
[https @ 0x55ac93859c80] header='Content-Type: application/x-mpegURL'
[https @ 0x55ac93859c80] header='Content-Length: 61512'
[https @ 0x55ac93859c80] header='Connection: keep-alive'
[https @ 0x55ac93859c80] header='Date: Fri, 27 Aug 2021 17:57:09 GMT'
[https @ 0x55ac93859c80] header='Server: nginx/1.18.0'
[https @ 0x55ac93859c80] header='Cache-Control: max-age=2'
[https @ 0x55ac93859c80] header='Access-Control-Allow-Origin: *'
[https @ 0x55ac93859c80] header='Access-Control-Allow-Credentials: true'
[https @ 0x55ac93859c80] header='X-Mediapackage-Request-Id: Root=1-61292775-02a74e8552a03c9e36bb36a9'
[https @ 0x55ac93859c80] header='Vary: Accept-Encoding,Origin'
[https @ 0x55ac93859c80] header='Content-Range: bytes 0-61511/61512'
[https @ 0x55ac93859c80] header='Via: 1.1 d667fe6bf9fe3fd5597714f8c6efee73.cloudfront.net (CloudFront)'
[https @ 0x55ac93859c80] header='X-Cff-Response: true'
[https @ 0x55ac93859c80] header='X-Cff-Request: true'
[https @ 0x55ac93859c80] header='Set-Cookie: playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_'
[https @ 0x55ac93859c80] header='X-Cache: Miss from cloudfront'
[https @ 0x55ac93859c80] header='X-Amz-Cf-Pop: BUD50-C1'
[https @ 0x55ac93859c80] header='X-Amz-Cf-Id: 2v7h9tR72xGj6bC4_hcQEfd1z69smUJU1TTR701JllI6oMEgNcv58Q=='
[https @ 0x55ac93859c80] header=''
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-DISCONTINUITY-SEQUENCE:14')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T15:45:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T15:55:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:05:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:15:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:25:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:35:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:45:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:55:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:05:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:15:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:25:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:35:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:45:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:55:11.677Z')
[https @ 0x55ac93aef440] Opening 'https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00' for reading
[https @ 0x55ac93859c80] request: GET /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00 HTTP/1.1
User-Agent: Lavf/58.76.100
Accept: */*
Range: bytes=0-
Connection: keep-alive
Host: ott-video-cf.formula1.com
Icy-MetaData: 1


[https @ 0x55ac93859c80] header='HTTP/1.1 400 BadRequest'
[https @ 0x55ac93859c80] http_code=400
[https @ 0x55ac93859c80] HTTP error 400 BadRequest

Downstream reports

https://github.com/robvdpol/RaceControl/issues/210
https://github.com/SoMuchForSubtlety/f1viewer/issues/186
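
A way to check a trace like the one above mechanically, as an added example (not part of the ticket and not FFmpeg code): it replays the `request:` and `Set-Cookie` lines through the RFC 6265 default-path and path-match rules and reports every request that left out a cookie it should have carried. It assumes a single host and ignores `Domain`, `Secure` and expiry; the sample trace is constructed, with placeholder host, paths and token.

```python
import re

REQ = re.compile(r"\] request: GET (\S+) HTTP/")
SET = re.compile(r"\] header='Set-Cookie: ([^=;]+)=[^;']*(.*)'$")

# Constructed trace in the ticket's log format; host, paths and token are placeholders.
SAMPLE_TRACE = """\
[https @ 0x1] request: GET /out/v1/abc/index.m3u8?token=x HTTP/1.1
Host: media.example

[https @ 0x1] header='Set-Cookie: playToken=t0k;Path=/out/v1/abc/;SameSite=None;Secure;'
[https @ 0x2] request: GET /out/v1/abc/index_1.m3u8 HTTP/1.1
Host: media.example
Cookie: playToken=t0k

[https @ 0x2] header='Set-Cookie: playToken=t0k'
[https @ 0x2] request: GET /out/v1/abc/index_2.m3u8 HTTP/1.1
Host: media.example

[https @ 0x2] header='HTTP/1.1 400 BadRequest'
"""

def default_path(req_path):
    """RFC 6265 5.1.4 default-path, used when Set-Cookie has no Path attribute."""
    ok = req_path.startswith("/") and req_path.count("/") > 1
    return req_path.rsplit("/", 1)[0] if ok else "/"

def path_match(req_path, cookie_path):
    """RFC 6265 5.1.4 path-match: equal, or a prefix that ends on a '/' boundary."""
    if req_path == cookie_path:
        return True
    return req_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or req_path[len(cookie_path)] == "/")

def missing_cookies(trace):
    """Return (request path, cookie name) for each request that omitted a stored cookie."""
    jar, findings, path, sent, in_req = {}, [], None, set(), False
    for line in trace.splitlines():
        if m := REQ.search(line):
            path, sent, in_req = m.group(1).split("?")[0], set(), True
        elif in_req and line.startswith("Cookie:"):
            sent = {c.split("=")[0].strip() for c in line[7:].split(";")}
        elif in_req and not line.strip():  # blank line ends the request headers
            in_req = False
            findings += [(path, n) for n, p in jar.items()
                         if path_match(path, p) and n not in sent]
        elif (m := SET.search(line)) and path:
            attr = re.search(r";\s*path=(/[^;]*)", m.group(2), re.I)
            jar[m.group(1)] = attr.group(1) if attr else default_path(path)
    return findings
```

On the constructed trace the second `Set-Cookie` has no `Path`, so its default path is `/out/v1/abc`, which still path-matches `index_2.m3u8`; the request without a `Cookie` header is therefore reported.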

Change History (1)

comment:1 by SoMuchForSubtlety, 3 years ago

Version: 4.3.2