Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v.1.3.0 WebRTC doesn't pass query to external authentication server #2756

Closed
1 of 13 tasks
Kaspermn33 opened this issue Nov 29, 2023 · 2 comments
Closed
1 of 13 tasks

v.1.3.0 WebRTC doesn't pass query to external authentication server #2756

Kaspermn33 opened this issue Nov 29, 2023 · 2 comments

Comments

@Kaspermn33
Copy link

Which version are you using?

v1.2.1 and v1.3.0

Which operating system are you using?

  • Linux amd64 standard
  • Linux amd64 Docker
  • Linux arm64 standard
  • Linux arm64 Docker
  • Linux arm7 standard
  • Linux arm7 Docker
  • Linux arm6 standard
  • Linux arm6 Docker
  • Windows amd64 standard
  • Windows amd64 Docker (WSL backend)
  • macOS amd64 standard
  • macOS amd64 Docker
  • Other (please describe)

Describe the issue

My setup

I'm using mediamtx as a middleman for loading an RTSP stream into my react frontend.
I'm using my own backend as an external authentication server.
It expects to receive a token in the query field of the payload.
Reading and writing should be in this format. Some/Extended/Path?token=SecretToken

The problem

I can publish an RTSP stream fine using ffmpeg with the token, but I can't read it again with WebRTC.
When I unmarshal the payload in my backend, I can see that the query field is an empty string.
I've found that it works with release v1.2.1, and breaks with v1.3.0.

The only difference I can see in the logs, is that with v1.3.0, the token seems to disappear after the server makes a 301 redirection.
And for some reason, it transforms my path into Some/Extended/Some/Extended/Path from Some/Extended/Path, but I'm guessing this is just a formatting change.

Let me know if you need more information.

Describe how to replicate the issue

  1. configure server to use external authentication server
  2. start external authentication server, that accepts token in query from payload
  3. start the mediamtx
  4. publish with ffmpeg with a token as a query parameter (works)
  5. read with webrtc with a token as a query parameter (fails)

Did you attach the server logs?

yes

v1.2.1 logs

2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] GET /Some/Extended/Path
2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [c->s] GET /Some/Extended/Path?token=SecretToken HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36


2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [s->c] HTTP/1.1 301 Moved Permanently
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: /Some/Extended/Path/?token=SecretToken
Server: mediamtx


2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] GET /Some/Extended/Path/
2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [c->s] GET /Some/Extended/Path/?token=SecretToken HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36


2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [s->c] HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Content-Type: text/html
Server: mediamtx

v.1.3.0 logs

2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] GET /Some/Extended/Path
2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [c->s] GET /Some/Extended/Path?token=SecretToken HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36


2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [s->c] HTTP/1.1 301 Moved Permanently
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: Some/Extended/Path/
Server: mediamtx


2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] GET /Some/Extended/Some/Extended/Path/
2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [c->s] GET /Some/Extended/Some/Extended/Path/ HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36


2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [s->c] HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Server: mediamtx
Www-Authenticate: Basic realm="mediamtx"

Did you attach a network dump?

no
@aler9
Copy link
Member

aler9 commented Dec 16, 2023

Hello, this is fixed since v1.4.0 (see #2773 and #2771)

@aler9 aler9 closed this as completed Dec 16, 2023
@github-actions GitHub Actions
Copy link
Contributor

This issue is being locked automatically because it has been closed for more than 6 months.
Please open a new issue in case you encounter a similar problem.

@github-actions github-actions bot locked and limited conversation to collaborators Jun 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Kaspermn33 @aler9