[FFmpeg-trac] #9396(ffmpeg:new): incorrect handling of cookies for m3u8 playlists

FFmpeg trac at avcodec.org
Fri Aug 27 21:05:47 EEST 2021


#9396: incorrect handling of cookies for m3u8 playlists
-------------------------------------+-------------------------------------
             Reporter:               |                     Type:  defect
  SoMuchForSubtlety                  |
               Status:  new          |                 Priority:  normal
            Component:  ffmpeg       |                  Version:  4.3.2
             Keywords:  m3u8,cookie  |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:
 ffmpeg discards cookies from 'Set-Cookie' headers when accessing m3u8
 streams.

 How to reproduce:
 I'm trying to use ffmpeg play a m3u8 playlist. When requesting the master
 playlist file, the server response with a 'Set-Cookie' header.

 ffmpeg correctly uses that cookie when requesting the first sub-playlist,
 but then discards it for all subsequent requests, leading to
 authentication failure.

 {{{
 ❯ ffprobe -loglevel trace https://ott-video-
 cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8\?kid\=1042\&exp\=1630168253\&ttl\=1440\&token\=p-xyz_\&start\=2021-08-27T15:45:17+00:00
 ffprobe version 4.4 Copyright (c) 2007-2021 the FFmpeg developers
   built with gcc 11 (GCC)
   configuration: --prefix=/usr --bindir=/usr/bin
 --datadir=/usr/share/ffmpeg --docdir=/usr/share/doc/ffmpeg
 --incdir=/usr/include/ffmpeg --libdir=/usr/lib64 --mandir=/usr/share/man
 --arch=x86_64 --optflags='-O2 -flto=auto -ffat-lto-objects -fexceptions -g
 -grecord-gcc-switches -pipe -Wall -Werror=format-security
 -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong
 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection'
 --extra-ldflags='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now
 -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' --extra-cflags='
 -I/usr/include/rav1e' --enable-libopencore-amrnb --enable-libopencore-
 amrwb --enable-libvo-amrwbenc --enable-version3 --enable-bzlib --disable-
 crystalhd --enable-fontconfig --enable-frei0r --enable-gcrypt --enable-
 gnutls --enable-ladspa --enable-libaom --enable-libdav1d --enable-libass
 --enable-libbluray --enable-libcdio --enable-libdrm --enable-libjack
 --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-
 libmp3lame --enable-libmysofa --enable-nvenc --enable-openal --enable-
 opencl --enable-opengl --enable-libopenjpeg --enable-libopenmpt --enable-
 libopus --enable-libpulse --enable-librsvg --enable-librav1e --enable-
 libsmbclient --enable-version3 --enable-libsoxr --enable-libspeex
 --enable-libsrt --enable-libssh --enable-libsvtav1 --enable-libtheora
 --enable-libvorbis --enable-libv4l2 --enable-libvidstab --enable-libvmaf
 --enable-version3 --enable-vapoursynth --enable-libvpx --enable-vulkan
 --enable-libglslang --enable-libwebp --enable-libx264 --enable-libx265
 --enable-libxvid --enable-libxml2 --enable-libzimg --enable-libzvbi
 --enable-lv2 --enable-avfilter --enable-avresample --enable-libmodplug
 --enable-postproc --enable-pthreads --disable-static --enable-shared
 --enable-gpl --disable-debug --disable-stripping --shlibdir=/usr/lib64
 --enable-lto --enable-libmfx --enable-runtime-cpudetect
   libavutil      56. 70.100 / 56. 70.100
   libavcodec     58.134.100 / 58.134.100
   libavformat    58. 76.100 / 58. 76.100
   libavdevice    58. 13.100 / 58. 13.100
   libavfilter     7.110.100 /  7.110.100
   libavresample   4.  0.  0 /  4.  0.  0
   libswscale      5.  9.100 /  5.  9.100
   libswresample   3.  9.100 /  3.  9.100
   libpostproc    55.  9.100 / 55.  9.100
 [NULL @ 0x55ac9354cc40] Opening 'https://ott-video-
 cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00'
 for reading
 [https @ 0x55ac9354d8c0] Setting default whitelist
 'http,https,tls,rtp,tcp,udp,crypto,httpproxy'
 [tcp @ 0x55ac93550e40] Original list of addresses:
 [tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443
 [tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443
 [tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443
 [tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Interleaved list of addresses:
 [tcp @ 0x55ac93550e40] Address 52.84.109.12 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 52.84.109.113 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 52.84.109.36 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 52.84.109.15 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
 [tcp @ 0x55ac93550e40] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93550e40] Starting connection attempt to 52.84.109.12 port
 443
 [tcp @ 0x55ac93550e40] Successfully connected to 52.84.109.12 port 443
 [https @ 0x55ac9354d8c0] request: GET
 /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index.m3u8?kid=1042&exp=1630168253&ttl=1440&token=p-xyz_&start=2021-08-27T15:45:17+00:00
 HTTP/1.1
 User-Agent: Lavf/58.76.100
 Accept: */*
 Range: bytes=0-
 Connection: close
 Host: ott-video-cf.formula1.com
 Icy-MetaData: 1


 [https @ 0x55ac9354d8c0] header='HTTP/1.1 206 Partial Content'
 [https @ 0x55ac9354d8c0] http_code=206
 [https @ 0x55ac9354d8c0] header='Content-Type: application/x-mpegURL'
 [https @ 0x55ac9354d8c0] header='Content-Length: 3133'
 [https @ 0x55ac9354d8c0] header='Connection: close'
 [https @ 0x55ac9354d8c0] header='Date: Fri, 27 Aug 2021 17:57:08 GMT'
 [https @ 0x55ac9354d8c0] header='Server: nginx/1.18.0'
 [https @ 0x55ac9354d8c0] header='Cache-Control: max-age=2'
 [https @ 0x55ac9354d8c0] header='Access-Control-Allow-Origin: *'
 [https @ 0x55ac9354d8c0] header='Access-Control-Allow-Credentials: true'
 [https @ 0x55ac9354d8c0] header='X-Mediapackage-Request-Id:
 Root=1-61292774-5ede71692056c58345c60b7a'
 [https @ 0x55ac9354d8c0] header='Vary: Accept-Encoding,Origin'
 [https @ 0x55ac9354d8c0] header='Content-Range: bytes 0-3132/3133'
 [https @ 0x55ac9354d8c0] header='Via: 1.1
 4988aba3224481ada0837b985e86ef38.cloudfront.net (CloudFront)'
 [https @ 0x55ac9354d8c0] header='X-Cff-Response: true'
 [https @ 0x55ac9354d8c0] header='X-Cff-Request: true'
 [https @ 0x55ac9354d8c0] header='Set-Cookie:
 playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4
 -R9TBDtDhjT2YhVyGmV-
 nk3HoJ3bTvp7Bew_;Path=/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/;SameSite=None;Secure;'
 [https @ 0x55ac9354d8c0] header='X-Cache: Miss from cloudfront'
 [https @ 0x55ac9354d8c0] header='X-Amz-Cf-Pop: BUD50-C1'
 [https @ 0x55ac9354d8c0] header='X-Amz-Cf-Id:
 1yLpw9zRVtx1mKl4schta8A3Cts2RpnJzSeZlAEXDCET7v1gxvp5pA=='
 [https @ 0x55ac9354d8c0] header=''
 Probing hls score:100 size:2048
 [hls @ 0x55ac9354cc40] Format hls probed with size=2048 and score=100
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-INDEPENDENT-SEGMENTS')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-I-FRAME-STREAM-
 INF:BANDWIDTH=128000,CODECS="avc1.4D401E",RESOLUTION=480x270,URI="index_7.m3u8?start=2021-08-27T15:45:17+00:00"')
 [hls @ 0x55ac9354cc40] Can't support the subtitle(uri:
 index_15_0.m3u8?start=2021-08-27T15:45:17+00:00)
 [hls @ 0x55ac9354cc40] Can't support the subtitle(uri:
 index_16_0.m3u8?start=2021-08-27T15:45:17+00:00)
 [hls @ 0x55ac9354cc40] Can't support the subtitle(uri:
 index_17_0.m3u8?start=2021-08-27T15:45:17+00:00)
 [hls @ 0x55ac9354cc40] Opening 'https://ott-video-
 cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00'
 for reading
 [tcp @ 0x55ac93b10380] Original list of addresses:
 [tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443
 [tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443
 [tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443
 [tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Interleaved list of addresses:
 [tcp @ 0x55ac93b10380] Address 52.84.109.36 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:2400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 52.84.109.15 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:4600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 52.84.109.12 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:600:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 52.84.109.113 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:0:3:1e39:c280:93a1 port 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:de00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:6e00:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:d400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Address 2600:9000:2050:3400:3:1e39:c280:93a1 port
 443
 [tcp @ 0x55ac93b10380] Starting connection attempt to 52.84.109.36 port
 443
 [tcp @ 0x55ac93b10380] Successfully connected to 52.84.109.36 port 443
 [https @ 0x55ac93859c80] request: GET
 /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_1.m3u8?start=2021-08-27T15:45:17+00:00
 HTTP/1.1
 User-Agent: Lavf/58.76.100
 Accept: */*
 Range: bytes=0-
 Connection: keep-alive
 Host: ott-video-cf.formula1.com
 Cookie:
 playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4
 -R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_
 Icy-MetaData: 1


 [https @ 0x55ac93859c80] header='HTTP/1.1 206 Partial Content'
 [https @ 0x55ac93859c80] http_code=206
 [https @ 0x55ac93859c80] header='Content-Type: application/x-mpegURL'
 [https @ 0x55ac93859c80] header='Content-Length: 61512'
 [https @ 0x55ac93859c80] header='Connection: keep-alive'
 [https @ 0x55ac93859c80] header='Date: Fri, 27 Aug 2021 17:57:09 GMT'
 [https @ 0x55ac93859c80] header='Server: nginx/1.18.0'
 [https @ 0x55ac93859c80] header='Cache-Control: max-age=2'
 [https @ 0x55ac93859c80] header='Access-Control-Allow-Origin: *'
 [https @ 0x55ac93859c80] header='Access-Control-Allow-Credentials: true'
 [https @ 0x55ac93859c80] header='X-Mediapackage-Request-Id:
 Root=1-61292775-02a74e8552a03c9e36bb36a9'
 [https @ 0x55ac93859c80] header='Vary: Accept-Encoding,Origin'
 [https @ 0x55ac93859c80] header='Content-Range: bytes 0-61511/61512'
 [https @ 0x55ac93859c80] header='Via: 1.1
 d667fe6bf9fe3fd5597714f8c6efee73.cloudfront.net (CloudFront)'
 [https @ 0x55ac93859c80] header='X-Cff-Response: true'
 [https @ 0x55ac93859c80] header='X-Cff-Request: true'
 [https @ 0x55ac93859c80] header='Set-Cookie:
 playToken=path:%2Fout%2Fv1%2Ffea30aa35ecd4c7abc06b4c7f8b4c980%2F|kid:0101|exp:1630168253|geo:AT|token:JSfTHzE4
 -R9TBDtDhjT2YhVyGmV-nk3HoJ3bTvp7Bew_'
 [https @ 0x55ac93859c80] header='X-Cache: Miss from cloudfront'
 [https @ 0x55ac93859c80] header='X-Amz-Cf-Pop: BUD50-C1'
 [https @ 0x55ac93859c80] header='X-Amz-Cf-Id:
 2v7h9tR72xGj6bC4_hcQEfd1z69smUJU1TTR701JllI6oMEgNcv58Q=='
 [https @ 0x55ac93859c80] header=''
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-VERSION:4')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-DISCONTINUITY-SEQUENCE:14')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T15:45:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T15:55:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T16:05:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T16:15:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T16:25:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T16:35:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T16:45:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T16:55:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T17:05:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T17:15:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T17:25:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T17:35:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T17:45:11.677Z')
 [hls @ 0x55ac9354cc40] Skip ('#EXT-X-PROGRAM-DATE-
 TIME:2021-08-27T17:55:11.677Z')
 [https @ 0x55ac93aef440] Opening 'https://ott-video-
 cf.formula1.com/out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00'
 for reading
 [https @ 0x55ac93859c80] request: GET
 /out/v1/fea30aa35ecd4c7abc06b4c7f8b4c980/index_2.m3u8?start=2021-08-27T15:45:17+00:00
 HTTP/1.1
 User-Agent: Lavf/58.76.100
 Accept: */*
 Range: bytes=0-
 Connection: keep-alive
 Host: ott-video-cf.formula1.com
 Icy-MetaData: 1


 [https @ 0x55ac93859c80] header='HTTP/1.1 400 BadRequest'
 [https @ 0x55ac93859c80] http_code=400
 [https @ 0x55ac93859c80] HTTP error 400 BadRequest
 }}}

 Downstream reports

 https://github.com/robvdpol/RaceControl/issues/210
 https://github.com/SoMuchForSubtlety/f1viewer/issues/186
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/9396>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list