This makes sure we don't send the Except: 100-continue header
if no authentication credentials have been provided.
Signed-off-by: Martin Storsjö <martin@martin.st>
It appears this bug originates from a "work in progress" patch from
ffmpeg-devel that was heavily redesigned by and integrated in libav
And that patch even had a reply and review on the mailing list pointing
out that it had a bug.
This fixes a deadlock with ffserver
See: [FFmpeg-devel] [PATCH] Fix HTTP authentication problem for POST actions.
[FFmpeg-devel] [PATCH 1/3] Introduce auth_phase flag, which will be true if authorization needs to be sent, but the type of authorization is not known yet Partial fix#3036
[FFmpeg-devel] [PATCH 2/3] Only add Transfer-Encoding header when not in authorization phase, because server will wait (indefinitely) for data when receiving this header Partial fix#3036
[FFmpeg-devel] [PATCH 3/3] Only allow posting data and/or forcing a 200 code, enabling posting isml chunks, -after- we did a possible first request to get a 403 from the server telling us which type of authentication to apply Final part fix#3036
See: 71549a857b
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Inspired by a patch by Jakob van Bethlehem. But instead of doing
an empty POST first to trigger the WWW-Authenticate header (which
would succeed if no auth actually was required), add an Expect:
100-continue header, which is meant to be used exactly for
cases like this.
The header is added if doing a post, and the user has specified
authentication but we don't know the auth method yet.
Not all common HTTP servers support the Expect: 100-continue header,
though, so we only try to use it when it really is needed. The user
can request it to be added for other POST requests as well via
an option - which would allow the caller to know immediately that
the POST has failed (e.g. if no auth was provided but the server
required it, or if the target URL simply doesn't exist).
This is only done for write mode posts (e.g. posts without pre-set
post_data) - for posts with pre-set data, we can just redo the post
if it failed due to 401.
Signed-off-by: Martin Storsjö <martin@martin.st>
The default is to autodetect the auth method. This does require one
extra request (and also closing and reopening the http connection).
For some cases such as HTTP POST, the autodetection is not handled
properly (yet).
No option is added for digest, since this method requires getting
nonce parameters from the server first and can't be used straight
away like Basic.
Signed-off-by: Martin Storsjö <martin@martin.st>
When passing a dict to the nested protocol, it will consume
the used options from it, so a separate copy needs to be used
when reopening the connection multiple times.
Signed-off-by: Martin Storsjö <martin@martin.st>
Derived from VLC's http module.
Original authors:
Antoine Cellerier <dionoea@videolan.org>
Sébastien Escudier <sebastien-devel@celeos.eu>
Rémi Duraffort <ivoire@videolan.org>
Rémi Denis-Courmont <remi@remlab.net>
Francois Cartegnie <fcvlcdev@free.fr>
Normally, http servers shouldn't send this to us since we
don't advertise it with an Accept-Encoding header, but some
servers still do it anyway.
Signed-off-by: Martin Storsjö <martin@martin.st>
Allow applications to request reading streamcast metadata. This uses
AVOptions as API, and requires the application to explicitly request
and read metadata. Metadata can be updated mid-stream; if an
application is interested in that, it has to poll for the data by
reading the "icy_metadata_packet" option in regular intervals.
There doesn't seem to be a nice way to transfer the metadata in a nicer
way. Converting the metadata to ID3v2 tags might be a nice idea, but
the libavformat mp3 demuxer doesn't seem to read these tags mid-stream,
and even then we couldn't guarantee that tags are not inserted in the
middle of mp3 packet data.
This commit provides the minimum to enable applications to retrieve
this information at all.
Signed-off-by: Stefano Sabatini <stefasab@gmail.com>
It is notably known to break playback on http streaming servers who use
the user agent to guess if it's a browser (to display a summary) or a
player (to stream the audio data).
This reverts 1fabd95.
Fixes Ticket #2663.
As far as I can tell the code should not change behaviour
depending on locale in any of these places.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
The handling of the environment variable no_proxy, present since
one of the initial commits (de6d9b6404), is inconsistent with
how many other applications and libraries interpret this
variable. Its bare presence does not indicate that the use of
proxies should be skipped, but it is some sort of pattern for
hosts that does not need using a proxy (e.g. for a local network).
As investigated by Rudolf Polzer, different libraries handle this
in different ways, some supporting IP address masks, some supporting
arbitrary globbing using *, some just checking that the pattern matches
the end of the hostname without regard for whether it actually is
the right domain or a domain that ends in the same string.
This simple logic should be pretty similar to the logic used by
lynx and curl.
Signed-off-by: Martin Storsjö <martin@martin.st>
Add an tri-state (seek, non seek, automatic detection) option to HTTP to control seekability (default: automatic).
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Use the MAX_URL_SIZE define where applicable. Increase buffer
sizes for all buffers that need to fit a long pathname - buffers
that need to fit only the hostname (and other short strings, but
not the pathname - such as "headers" in http_connect) are kept
at 1024 bytes for now.
Also increase the max line length in http_read_header, since it
might need to contain a full url for Location: redirects.
Signed-off-by: Martin Storsjö <martin@martin.st>
This can happen if doing a new request using the same socket,
but the new request failed, which clears the urlcontext.
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes issues with opening http urls that have authentication
or redirects, introduced in commit e999b641.
Signed-off-by: Martin Storsjö <martin@martin.st>
Introduce ff_http_do_new_request(), a new function which sends a new
HTTP request, reusing the existing connection to the server.
Signed-off-by: Martin Storsjö <martin@martin.st>
Add a new AVOption 'multiple_requests', which indicates if we want
to use persistent connections (ie. Connection: keep-alive).
Signed-off-by: Martin Storsjö <martin@martin.st>
Michael Niedermayer
Martin Storsjö
Zhang Rui
wm4
Clément Bœsch
Carl Eugen Hoyos
Reimar Döffinger
Micah Galizia
Stefano Sabatini
Clément Bœsch
Janne Grunau
Andrey Utkin
Duncan Salerno
Mans Rullgard
Ronald S. Bultje
Samuel Pitoiset