-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
redirect bypasses the request filter #2965
Comments
If we use Redirects are traditionally handled by the browser. We just tell it to handle the request and redirects are handled as part of that. In the meantime, you can use application-level redirects. |
All modern platforms/browsers seem to support fetch. Ending support for IE11 is planned after 3.0 #2339 . The app we are building plays 3rd party content so we cannot control how the content is served/provided. Many content providers like to use standard(http) redirects. |
We do support standard HTTP redirects, specifically by allowing the browser to handle them internally. But we understand your request to handle them at the JS level so that filters can be applied. That is completely reasonable. For backward compatibility reasons, we would not make this the default behavior, though. If anyone is interested to work on a PR for this, it would involve the fetch plugin and |
Is anyone interested in this yet? If no one answers, the issue will be closed automatically in 7 days. |
Obviously I am and I think would make the software more correct. I need it for authentication purpose. |
The Shaka team is not going to work on this functionality, so if you want to make a PR, we will be happy to review it. |
Have you read the FAQ and checked for duplicate open issues?
yes
What version of Shaka Player are you using?
v3.0.5
Can you reproduce the issue with our latest release version?
yes
Can you reproduce the issue with the latest code from
master
?yes
Are you using the demo app or your own custom app?
custom app
If custom app, can you reproduce the issue using our demo app?
What browser and OS are you using?
macOS, chrome
For embedded devices (smart TVs, etc.), what model and firmware version are you using?
What are the manifest and license server URIs?
What did you do?
player.getNetworkingEngine().registerRequestFilter()
example.com/x.mpd
)Authorization: xyz
)example-new.com/y.mpd
) .What did you expect to happen?
What actually happened?
I expected to receive a new function call to the request filter with the redirected URI/resource(
example-new.com/y.mpd
) and set the right/appropriate headers.Instead of this the client automatically followed the new URL and even used the same headers I sent in the previous url.
Is it possible to disable the automatic
follow
behaviour?I don't want the client to automatically follow URLs without to pass them through the request filter first.
I don't want it to pass the headers set for the original URL to the redirected one either. I believe this is also a security issue as the auth header intended for the original domain is leaked to the redirected domain.
The text was updated successfully, but these errors were encountered: