redirect bypasses the request filter

[mihaiav]

Have you read the FAQ and checked for duplicate open issues?
yes

What version of Shaka Player are you using?
v3.0.5

Can you reproduce the issue with our latest release version?
yes

Can you reproduce the issue with the latest code from master?
yes

Are you using the demo app or your own custom app?
custom app

If custom app, can you reproduce the issue using our demo app?

What browser and OS are you using?
macOS, chrome

For embedded devices (smart TVs, etc.), what model and firmware version are you using?

What are the manifest and license server URIs?

What did you do?

1. Register a request filter using player.getNetworkingEngine().registerRequestFilter()
2. Load a manifest from a URL(e.g. example.com/x.mpd )
3. The request filter is called, add specific headers (i.e. Authorization: xyz)
4. The resource server (example.com/x.mpd) issues a http 302 redirect to example-new.com/y.mpd) .
   What did you expect to happen?

What actually happened?

I expected to receive a new function call to the request filter with the redirected URI/resource(example-new.com/y.mpd) and set the right/appropriate headers.

Instead of this the client automatically followed the new URL and even used the same headers I sent in the previous url.

Is it possible to disable the automatic follow behaviour?
I don't want the client to automatically follow URLs without to pass them through the request filter first.
I don't want it to pass the headers set for the original URL to the redirected one either. I believe this is also a security issue as the auth header intended for the original domain is leaked to the redirected domain.

[TheModMaker]

If we use fetch, we could change the redirect field to do this. It would be much more complex and would probably have to be behind a config option. We may even want a different callback for this so the callback can see the response headers and the original data. We also won't be able to do this on platforms that don't support fetch.

Redirects are traditionally handled by the browser. We just tell it to handle the request and redirects are handled as part of that.

In the meantime, you can use application-level redirects.

[mihaiav]

We also won't be able to do this on platforms that don't support fetch.

All modern platforms/browsers seem to support fetch. Ending support for IE11 is planned after 3.0 #2339 .

The app we are building plays 3rd party content so we cannot control how the content is served/provided. Many content providers like to use standard(http) redirects.
It seems a bit odd to me to support "application-level redirects" but not standard (http) redirects.

[joeyparrish]

We do support standard HTTP redirects, specifically by allowing the browser to handle them internally.

But we understand your request to handle them at the JS level so that filters can be applied. That is completely reasonable.

For backward compatibility reasons, we would not make this the default behavior, though. If anyone is interested to work on a PR for this, it would involve the fetch plugin and NetworkingEngine. Thanks!

[avelad]

Is anyone interested in this yet? If no one answers, the issue will be closed automatically in 7 days.

[mihaiav]

Obviously I am and I think would make the software more correct. I need it for authentication purpose.

[avelad]

The Shaka team is not going to work on this functionality, so if you want to make a PR, we will be happy to review it.