[FFmpeg-trac] #9396(ffmpeg:new): incorrect handling of cookies for m3u8 playlists
FFmpeg
trac at avcodec.org
Fri Aug 27 21:05:47 EEST 2021
#9396: incorrect handling of cookies for m3u8 playlists
-------------------------------------+-------------------------------------
Reporter: | Type: defect
SoMuchForSubtlety |
Status: new | Priority: normal
Component: ffmpeg | Version: 4.3.2
Keywords: m3u8,cookie | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
ffmpeg discards cookies from 'Set-Cookie' headers when accessing m3u8
streams.
How to reproduce:
I'm trying to use ffmpeg play a m3u8 playlist. When requesting the master
playlist file, the server response with a 'Set-Cookie' header.
ffmpeg correctly uses that cookie when requesting the first sub-playlist,
but then discards it for all subsequent requests, leading to
authentication failure.
{{{
❯ ffprobe -loglevel trace https://ott-video-
cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8\?kid\=1042\&exp\=1630168253\&ttl\=1440\&token\=p-xyz_\&start\=2021-08-27T15:45:17+00:00
ffprobe version 4.4 Copyright (c) 2007-2021 the FFmpeg developers
built with gcc 11 (GCC)
configuration: --prefix=/usr --bindir=/usr/bin
--datadir=/usr/share/ffmpeg --docdir=/usr/share/doc/ffmpeg
--incdir=/usr/include/ffmpeg --libdir=/usr/lib64 --mandir=/usr/share/man
--arch=x86_64 --optflags='-O2 -flto=auto -ffat-lto-objects -fexceptions -g
-grecord-gcc-switches -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection'
--extra-ldflags='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' --extra-cflags='
-I/usr/include/rav1e' --enable-libopencore-amrnb --enable-libopencore-
amrwb --enable-libvo-amrwbenc --enable-version3 --enable-bzlib --disable-
crystalhd --enable-fontconfig --enable-frei0r --enable-gcrypt --enable-
gnutls --enable-ladspa --enable-libaom --enable-libdav1d --enable-libass
--enable-libbluray --enable-libcdio --enable-libdrm --enable-libjack
--enable-libfreetype --enable-libfribidi --enable-libgsm --enable-
libmp3lame --enable-libmysofa --enable-nvenc --enable-openal --enable-
opencl --enable-opengl --enable-libopenjpeg --enable-libopenmpt --enable-
libopus --enable-libpulse --enable-librsvg --enable-librav1e --enable-
libsmbclient --enable-version3 --enable-libsoxr --enable-libspeex
--enable-libsrt --enable-libssh --enable-libsvtav1 --enable-libtheora
--enable-libvorbis --enable-libv4l2 --enable-libvidstab --enable-libvmaf
--enable-version3 --enable-vapoursynth --enable-libvpx --enable-vulkan
--enable-libglslang --enable-libwebp --enable-libx264 --enable-libx265
--enable-libxvid --enable-libxml2 --enable-libzimg --enable-libzvbi
--enable-lv2 --enable-avfilter --enable-avresample --enable-libmodplug
--enable-postproc --enable-pthreads --disable-static --enable-shared
--enable-gpl --disable-debug --disable-stripping --shlibdir=/usr/lib64
--enable-lto --enable-libmfx --enable-runtime-cpudetect
libavutil 56. 70.100 / 56. 70.100
libavcodec 58.134.100 / 58.134.100
libavformat 58. 76.100 / 58. 76.100
libavdevice 58. 13.100 / 58. 13.100
libavfilter 7.110.100 / 7.110.100
libavresample 4. 0. 0 / 4. 0. 0
libswscale 5. 9.100 / 5. 9.100
libswresample 3. 9.100 / 3. 9.100
libpostproc 55. 9.100 / 55. 9.100
[NULL @ 0x55ac9354cc40] Opening 'https://ott-video-
cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00'
for reading
[https @ 0x55ac9354d8c0] Setting default whitelist
'http,https,tls,rtp,tcp,udp,crypto,httpproxy'
[tcp @ 0x55ac93550e40] Original list of addresses:
[tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443
[tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Interleaved list of addresses:
[tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93550e40] Starting connection attempt to 52.84.109.12 port
443
[tcp @ 0x55ac93550e40] Successfully connected to 52.84.109.12 port 443
[https @ 0x55ac9354d8c0] request: GET
/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00
HTTP/1.1
User-Agent: Lavf/58.76.100
Accept: */*
Range: bytes=0-
Connection: close
Host: ott-video-cf.formula1.com
Icy-MetaData: 1
[https @ 0x55ac9354d8c0] header='HTTP/1.1 206 Partial Content'
[https @ 0x55ac9354d8c0] http_code=206
[https @ 0x55ac9354d8c0] header='Content-Type: application/x-mpegURL'
[https @ 0x55ac9354d8c0] header='Content-Length: 3133'
[https @ 0x55ac9354d8c0] header='Connection: close'
[https @ 0x55ac9354d8c0] header='Date: Fri, 27 Aug 2021 17:57:08 GMT'
[https @ 0x55ac9354d8c0] header='Server: nginx/1.18.0'
[https @ 0x55ac9354d8c0] header='Cache-Control: max-age=2'
[https @ 0x55ac9354d8c0] header='Access-Control-Allow-Origin: *'
[https @ 0x55ac9354d8c0] header='Access-Control-Allow-Credentials: true'
[https @ 0x55ac9354d8c0] header='X-Mediapackage-Request-Id:
Root=1-61292774-5ede71692056c58345c60b7a'
[https @ 0x55ac9354d8c0] header='Vary: Accept-Encoding,Origin'
[https @ 0x55ac9354d8c0] header='Content-Range: bytes 0-3132/3133'
[https @ 0x55ac9354d8c0] header='Via: 1.1
4988aba3224481ada0837b985e86ef38.cloudfront.net (CloudFront)'
[https @ 0x55ac9354d8c0] header='X-Cff-Response: true'
[https @ 0x55ac9354d8c0] header='X-Cff-Request: true'
[https @ 0x55ac9354d8c0] header='Set-Cookie:
playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4
-R9TBDtDhjT2YhVyGmV-
nk3HoJ3bTvp7Bew_;Path=/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/;SameSite=None;Secure;'
[https @ 0x55ac9354d8c0] header='X-Cache: Miss from cloudfront'
[https @ 0x55ac9354d8c0] header='X-Amz-Cf-Pop: BUD50-C1'
[https @ 0x55ac9354d8c0] header='X-Amz-Cf-Id:
1yLpw9zRVtx1mKl4schta8A3Cts2RpnJzSeZlAEXDCET7v1gxvp5pA=='
[https @ 0x55ac9354d8c0] header=''
Probing hls score:100 size:2048
[hls @ 0x55ac9354cc40] Format hls probed with size=2048 and score=100
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-INDEPENDENT-SEGMENTS')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-I-FRAME-STREAM-
INF:BANDWIDTH=128000,CODECS="avc1.4D401E",RESOLUTION=480x270,URI="index_7.m3u8?start=2021-08-27T15:45:17+00:00"')
[hls @ 0x55ac9354cc40] Can't support the subtitle(uri:
index_15_0.m3u8?start=2021-08-27T15:45:17+00:00)
[hls @ 0x55ac9354cc40] Can't support the subtitle(uri:
index_16_0.m3u8?start=2021-08-27T15:45:17+00:00)
[hls @ 0x55ac9354cc40] Can't support the subtitle(uri:
index_17_0.m3u8?start=2021-08-27T15:45:17+00:00)
[hls @ 0x55ac9354cc40] Opening 'https://ott-video-
cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00'
for reading
[tcp @ 0x55ac93b10380] Original list of addresses:
[tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443
[tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Interleaved list of addresses:
[tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
443
[tcp @ 0x55ac93b10380] Starting connection attempt to 52.84.109.36 port
443
[tcp @ 0x55ac93b10380] Successfully connected to 52.84.109.36 port 443
[https @ 0x55ac93859c80] request: GET
/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00
HTTP/1.1
User-Agent: Lavf/58.76.100
Accept: */*
Range: bytes=0-
Connection: keep-alive
Host: ott-video-cf.formula1.com
Cookie:
playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4
-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_
Icy-MetaData: 1
[https @ 0x55ac93859c80] header='HTTP/1.1 206 Partial Content'
[https @ 0x55ac93859c80] http_code=206
[https @ 0x55ac93859c80] header='Content-Type: application/x-mpegURL'
[https @ 0x55ac93859c80] header='Content-Length: 61512'
[https @ 0x55ac93859c80] header='Connection: keep-alive'
[https @ 0x55ac93859c80] header='Date: Fri, 27 Aug 2021 17:57:09 GMT'
[https @ 0x55ac93859c80] header='Server: nginx/1.18.0'
[https @ 0x55ac93859c80] header='Cache-Control: max-age=2'
[https @ 0x55ac93859c80] header='Access-Control-Allow-Origin: *'
[https @ 0x55ac93859c80] header='Access-Control-Allow-Credentials: true'
[https @ 0x55ac93859c80] header='X-Mediapackage-Request-Id:
Root=1-61292775-02a74e8552a03c9e36bb36a9'
[https @ 0x55ac93859c80] header='Vary: Accept-Encoding,Origin'
[https @ 0x55ac93859c80] header='Content-Range: bytes 0-61511/61512'
[https @ 0x55ac93859c80] header='Via: 1.1
d667fe6bf9fe3fd5597714f8c6efee73.cloudfront.net (CloudFront)'
[https @ 0x55ac93859c80] header='X-Cff-Response: true'
[https @ 0x55ac93859c80] header='X-Cff-Request: true'
[https @ 0x55ac93859c80] header='Set-Cookie:
playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4
-R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_'
[https @ 0x55ac93859c80] header='X-Cache: Miss from cloudfront'
[https @ 0x55ac93859c80] header='X-Amz-Cf-Pop: BUD50-C1'
[https @ 0x55ac93859c80] header='X-Amz-Cf-Id:
2v7h9tR72xGj6bC4_hcQEfd1z69smUJU1TTR701JllI6oMEgNcv58Q=='
[https @ 0x55ac93859c80] header=''
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-DISCONTINUITY-SEQUENCE:14')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T15:45:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T15:55:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T16:05:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T16:15:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T16:25:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T16:35:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T16:45:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T16:55:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T17:05:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T17:15:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T17:25:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T17:35:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T17:45:11.677Z')
[hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
TIME:2021-08-27T17:55:11.677Z')
[https @ 0x55ac93aef440] Opening 'https://ott-video-
cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00'
for reading
[https @ 0x55ac93859c80] request: GET
/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00
HTTP/1.1
User-Agent: Lavf/58.76.100
Accept: */*
Range: bytes=0-
Connection: keep-alive
Host: ott-video-cf.formula1.com
Icy-MetaData: 1
[https @ 0x55ac93859c80] header='HTTP/1.1 400 BadRequest'
[https @ 0x55ac93859c80] http_code=400
[https @ 0x55ac93859c80] HTTP error 400 BadRequest
}}}
Downstream reports
https://github.com/robvdpol/RaceControl/issues/210
https://github.com/SoMuchForSubtlety/f1viewer/issues/186
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9396>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list