Closed pikachu937 closed 1 year ago
Hello, passing credentials through the URL is blocked by all modern browsers for security reasons.
Hello, passing credentials through the URL is blocked by all modern browsers for security reasons.
but if you follow the link https://login:password@ip:port/stream/stream.m3u8, nothing is blocked, but in this case the playlist is downloaded, so the browser does not block authentication
I have to amend my previous answer: all modern browsers don't pass credentials to subresources if credentials have been set in the URL. More infos: https://chromestatus.com/feature/5669008342777856
anyway, this is not a server issue.
This issue is being locked automatically because it has been closed for more than 6 months. Please open a new issue in case you encounter a similar problem.
Which version are you using?
v0.22.2
Which operating system are you using?
Describe the issue
When trying to view LL-HLS (with external authentication enabled) through the chrome/safari/firefox browser with authentication data (in the format https://login:password@ip:port/stream), the password is not accepted and a password entry window appears. If you enter the password manually, then viewing will be available. But this is not correct because the password has already been passed in the link.
Also, if I try to log in through curl(for example: curl https://login:password@ip:port/stream), then in the console I get html from the server, and in the server log I see successful authentication:
UPD. The same problem is observed in webrtc as well
Describe how to replicate the issue
Did you attach the server logs?
no
Did you attach a network dump?
no