Opened 22 months ago
Last modified 22 months ago
#9396 new defect
incorrect handling of cookies for m3u8 playlists
Reported by: | SoMuchForSubtlety | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | ffmpeg |
Version: | Keywords: | m3u8, cookie | |
Cc: | SoMuchForSubtlety | Blocked By: | |
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Summary of the bug:
ffmpeg discards cookies from 'Set-Cookie' headers when accessing m3u8 streams.
How to reproduce:
I'm trying to use ffmpeg play a m3u8 playlist. When requesting the master playlist file, the server response with a 'Set-Cookie' header.
ffmpeg correctly uses that cookie when requesting the first sub-playlist, but then discards it for all subsequent requests, leading to authentication failure.
❯ ffprobe -loglevel trace https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8\?kid\=1042\&exp\=1630168253\&ttl\=1440\&token\=p-xyz_\&start\=2021-08-27T15:45:17+00:00 ffprobe version 4.4 Copyright (c) 2007-2021 the FFmpeg developers built with gcc 11 (GCC) configuration: --prefix=/usr --bindir=/usr/bin --datadir=/usr/share/ffmpeg --docdir=/usr/share/doc/ffmpeg --incdir=/usr/include/ffmpeg --libdir=/usr/lib64 --mandir=/usr/share/man --arch=x86_64 --optflags='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' --extra-ldflags='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' --extra-cflags=' -I/usr/include/rav1e' --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvo-amrwbenc --enable-version3 --enable-bzlib --disable-crystalhd --enable-fontconfig --enable-frei0r --enable-gcrypt --enable-gnutls --enable-ladspa --enable-libaom --enable-libdav1d --enable-libass --enable-libbluray --enable-libcdio --enable-libdrm --enable-libjack --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libmysofa --enable-nvenc --enable-openal --enable-opencl --enable-opengl --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librsvg --enable-librav1e --enable-libsmbclient --enable-version3 --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libssh --enable-libsvtav1 --enable-libtheora --enable-libvorbis --enable-libv4l2 --enable-libvidstab --enable-libvmaf --enable-version3 --enable-vapoursynth --enable-libvpx --enable-vulkan --enable-libglslang --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxvid --enable-libxml2 --enable-libzimg --enable-libzvbi --enable-lv2 --enable-avfilter --enable-avresample --enable-libmodplug --enable-postproc --enable-pthreads --disable-static --enable-shared --enable-gpl --disable-debug --disable-stripping --shlibdir=/usr/lib64 --enable-lto --enable-libmfx --enable-runtime-cpudetect libavutil 56. 70.100 / 56. 70.100 libavcodec 58.134.100 / 58.134.100 libavformat 58. 76.100 / 58. 76.100 libavdevice 58. 13.100 / 58. 13.100 libavfilter 7.110.100 / 7.110.100 libavresample 4. 0. 0 / 4. 0. 0 libswscale 5. 9.100 / 5. 9.100 libswresample 3. 9.100 / 3. 9.100 libpostproc 55. 9.100 / 55. 9.100 [NULL @ 0x55ac9354cc40] Opening 'https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00' for reading [https @ 0x55ac9354d8c0] Setting default whitelist 'http,https,tls,rtp,tcp,udp,crypto,httpproxy' [tcp @ 0x55ac93550e40] Original list of addresses: [tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443 [tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443 [tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443 [tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Interleaved list of addresses: [tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93550e40] Starting connection attempt to 52.84.109.12 port 443 [tcp @ 0x55ac93550e40] Successfully connected to 52.84.109.12 port 443 [https @ 0x55ac9354d8c0] request: GET /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00 HTTP/1.1 User-Agent: Lavf/58.76.100 Accept: */* Range: bytes=0- Connection: close Host: ott-video-cf.formula1.com Icy-MetaData: 1 [https @ 0x55ac9354d8c0] header='HTTP/1.1 206 Partial Content' [https @ 0x55ac9354d8c0] http_code=206 [https @ 0x55ac9354d8c0] header='Content-Type: application/x-mpegURL' [https @ 0x55ac9354d8c0] header='Content-Length: 3133' [https @ 0x55ac9354d8c0] header='Connection: close' [https @ 0x55ac9354d8c0] header='Date: Fri, 27 Aug 2021 17:57:08 GMT' [https @ 0x55ac9354d8c0] header='Server: nginx/1.18.0' [https @ 0x55ac9354d8c0] header='Cache-Control: max-age=2' [https @ 0x55ac9354d8c0] header='Access-Control-Allow-Origin: *' [https @ 0x55ac9354d8c0] header='Access-Control-Allow-Credentials: true' [https @ 0x55ac9354d8c0] header='X-Mediapackage-Request-Id: Root=1-61292774-5ede71692056c58345c60b7a' [https @ 0x55ac9354d8c0] header='Vary: Accept-Encoding,Origin' [https @ 0x55ac9354d8c0] header='Content-Range: bytes 0-3132/3133' [https @ 0x55ac9354d8c0] header='Via: 1.1 4988aba3224481ada0837b985e86ef38.cloudfront.net (CloudFront)' [https @ 0x55ac9354d8c0] header='X-Cff-Response: true' [https @ 0x55ac9354d8c0] header='X-Cff-Request: true' [https @ 0x55ac9354d8c0] header='Set-Cookie: playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_;Path=/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/;SameSite=None;Secure;' [https @ 0x55ac9354d8c0] header='X-Cache: Miss from cloudfront' [https @ 0x55ac9354d8c0] header='X-Amz-Cf-Pop: BUD50-C1' [https @ 0x55ac9354d8c0] header='X-Amz-Cf-Id: 1yLpw9zRVtx1mKl4schta8A3Cts2RpnJzSeZlAEXDCET7v1gxvp5pA==' [https @ 0x55ac9354d8c0] header='' Probing hls score:100 size:2048 [hls @ 0x55ac9354cc40] Format hls probed with size=2048 and score=100 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-INDEPENDENT-SEGMENTS') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-I-FRAME-STREAM-INF:BANDWIDTH=128000,CODECS="avc1.4D401E",RESOLUTION=480x270,URI="index_7.m3u8?start=2021-08-27T15:45:17+00:00"') [hls @ 0x55ac9354cc40] Can't support the subtitle(uri: index_15_0.m3u8?start=2021-08-27T15:45:17+00:00) [hls @ 0x55ac9354cc40] Can't support the subtitle(uri: index_16_0.m3u8?start=2021-08-27T15:45:17+00:00) [hls @ 0x55ac9354cc40] Can't support the subtitle(uri: index_17_0.m3u8?start=2021-08-27T15:45:17+00:00) [hls @ 0x55ac9354cc40] Opening 'https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00' for reading [tcp @ 0x55ac93b10380] Original list of addresses: [tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443 [tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443 [tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443 [tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Interleaved list of addresses: [tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port 443 [tcp @ 0x55ac93b10380] Starting connection attempt to 52.84.109.36 port 443 [tcp @ 0x55ac93b10380] Successfully connected to 52.84.109.36 port 443 [https @ 0x55ac93859c80] request: GET /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00 HTTP/1.1 User-Agent: Lavf/58.76.100 Accept: */* Range: bytes=0- Connection: keep-alive Host: ott-video-cf.formula1.com Cookie: playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_ Icy-MetaData: 1 [https @ 0x55ac93859c80] header='HTTP/1.1 206 Partial Content' [https @ 0x55ac93859c80] http_code=206 [https @ 0x55ac93859c80] header='Content-Type: application/x-mpegURL' [https @ 0x55ac93859c80] header='Content-Length: 61512' [https @ 0x55ac93859c80] header='Connection: keep-alive' [https @ 0x55ac93859c80] header='Date: Fri, 27 Aug 2021 17:57:09 GMT' [https @ 0x55ac93859c80] header='Server: nginx/1.18.0' [https @ 0x55ac93859c80] header='Cache-Control: max-age=2' [https @ 0x55ac93859c80] header='Access-Control-Allow-Origin: *' [https @ 0x55ac93859c80] header='Access-Control-Allow-Credentials: true' [https @ 0x55ac93859c80] header='X-Mediapackage-Request-Id: Root=1-61292775-02a74e8552a03c9e36bb36a9' [https @ 0x55ac93859c80] header='Vary: Accept-Encoding,Origin' [https @ 0x55ac93859c80] header='Content-Range: bytes 0-61511/61512' [https @ 0x55ac93859c80] header='Via: 1.1 d667fe6bf9fe3fd5597714f8c6efee73.cloudfront.net (CloudFront)' [https @ 0x55ac93859c80] header='X-Cff-Response: true' [https @ 0x55ac93859c80] header='X-Cff-Request: true' [https @ 0x55ac93859c80] header='Set-Cookie: playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_' [https @ 0x55ac93859c80] header='X-Cache: Miss from cloudfront' [https @ 0x55ac93859c80] header='X-Amz-Cf-Pop: BUD50-C1' [https @ 0x55ac93859c80] header='X-Amz-Cf-Id: 2v7h9tR72xGj6bC4_hcQEfd1z69smUJU1TTR701JllI6oMEgNcv58Q==' [https @ 0x55ac93859c80] header='' [hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-DISCONTINUITY-SEQUENCE:14') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T15:45:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T15:55:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:05:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:15:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:25:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:35:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:45:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T16:55:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:05:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:15:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:25:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:35:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:45:11.677Z') [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-TIME:2021-08-27T17:55:11.677Z') [https @ 0x55ac93aef440] Opening 'https://ott-video-cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00' for reading [https @ 0x55ac93859c80] request: GET /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00 HTTP/1.1 User-Agent: Lavf/58.76.100 Accept: */* Range: bytes=0- Connection: keep-alive Host: ott-video-cf.formula1.com Icy-MetaData: 1 [https @ 0x55ac93859c80] header='HTTP/1.1 400 BadRequest' [https @ 0x55ac93859c80] http_code=400 [https @ 0x55ac93859c80] HTTP error 400 BadRequest
Downstream reports
https://github.com/robvdpol/RaceControl/issues/210
https://github.com/SoMuchForSubtlety/f1viewer/issues/186
Note:
See TracTickets
for help on using tickets.